CN114402326A

CN114402326A - Tamper-proof encrypted currency card for real objects

Info

Publication number: CN114402326A
Application number: CN202080062425.9A
Authority: CN
Inventors: 博比·克里斯托弗·李
Original assignee: Ballet Global Ltd
Current assignee: Ballet Global Ltd
Priority date: 2019-07-05
Filing date: 2020-07-03
Publication date: 2022-04-26
Also published as: CN114402351A; EP3994007A4; WO2021007130A1; US10917238B2; WO2021007128A1; US20210004776A1; JP2022540728A; US20210006397A1; EP3994648A1; EP3994648A4; US20220329421A1; CN114341875A; AU2020311867A1; KR20220051163A; US20210005114A1; US11240021B2; US11799647B2; WO2021007129A1; EP3994007A1; US10887097B1

Abstract

A physical currency card (in some cases without any onboard power or computing power) is configured to maintain access information for digitally anonymous assets. Public access information, such as a cryptographic hash address that may be used to receive digitally anonymous assets or a public key that may be used to derive a cryptographic hash address that may be used to receive digitally anonymous accesses, may be visible upon inspection of the card to which such digitally anonymous assets may be transferred in one or more transactions conducted on a decentralized computing platform, such as a blockchain based decentralized computing platform. Private access information, such as a private key corresponding to a public key (e.g., a public-private key pair) or a representation of a private key (e.g., its ciphertext) and a corresponding encryption key, is physically hidden by the tamper-resistant component so that a user can easily determine whether the private access information is compromised.

Description

Tamper-proof encrypted currency card for real objects

Technical Field

The present disclosure relates generally to hardware accessories for managing digital anonymous assets, and more particularly, to tamper-resistant cards for storing physical objects of credentials by which wallet accounts may be accessed to obtain cryptocurrency and other digital anonymous assets.

Background

Decentralized computing systems are used to generate assets such as digital currency, or more generally, digital assets that may include coins, business certificates, etc., often in complex multi-participant online ecosystems. As with physical currency and commodities, some digital assets may exhibit similar attributes, including having associated value, competitiveness, and replaceability (or in some cases, non-replaceability, as with ERC721 business certificates). In general, decentralized computing platforms may allow investment and asset ownership transfers among participants. Although many people are currently using such platforms, the threshold for entry is relatively high due to the complexity of the system and the lack of a sophisticated, carefully designed user interface to abstract out this complexity. In particular, current currency (terms used herein generally refer to digitally anonymous assets, such as cryptocurrency, utility certificates (certificates), and the like) management systems are relatively technical in nature, and their failure modes prevent many less sophisticated users who otherwise wish to access decentralized computing platforms.

Examples of existing money management systems include powered hardware devices with integrated logic, such as mobile phones or USB-like key devices for storing private keys that support user cryptographic money accounts. Such a scheme is commonly referred to as a hardware wallet, which typically stores private and public (or other or address) encryption keys for accounts on various decentralized computing platforms, also commonly referred to as a wallet (but without a "hardware" qualifier). Using these wallets, users of the platform transact (e.g., send, receive, loan, borrow, be bound by, release a secured equity) in a digitally anonymous asset (e.g., exchange asset ownership or asset quantity). Users often back up their private keys, for example on an RFID backup card or physical paper, which provides a volatile point of failure. Other backups, such as online backups or other redundancy measures, add an attack surface for malicious participants to gain access to private keys. If a malicious user gains access to a secret key that supports a cryptocurrency account, the malicious user can clear the entire contents of the account without the user's recourse. Thus, there are complex considerations and tradeoffs regarding the security and backup of these private keys. Immature users face difficulty in dealing with these challenges and therefore often choose not to participate in encrypting current platforms.

Disclosure of Invention

The following is a non-exhaustive list of some aspects of the present technology. These and other aspects are described in the following disclosure.

Some aspects include a metal card having a credit card appearance. The card has a tamper resistant patch having at least two physical layers, one of which is partially concealed by the other. The top, exposed layer includes an optical code (e.g., a QR code) that encodes an address corresponding to a public key of a public (e.g., public-private) key pair of an asymmetric encryption algorithm. The top layer of the patch may include a window to the bottom layer. Through this window, the unique identifier of the key pair/card from the bottom layer is exposed. The top layer may include a corresponding unique identifier that is displayed to allow a user to verify that the unique identifier of the top layer matches the unique identifier of the exposed portion of the bottom layer. The unique identifier may correspond to a serial number within a namespace of an issuer of the card. In some embodiments, an additional unique identifier (e.g., a key of a key value pair) is used by the issuer on the server side to associate an information component or combination of information included on the card with other information in the database, which may be cryptographically hashed. The lower layer of the patch also includes content that is hidden by the top layer. The top layer of the patch is provided with a tamper-resistant adhesive substrate, which is lifted from the surface to which the substrate is adhered to produce a tamper-resistant effect, and by visual inspection, a user can determine whether the top layer has been lifted to expose at least a corresponding portion of the surface. In some aspects, the portion of the surface adhered comprises a hidden portion of the underlying layer. In some aspects, the portion of the surface adhered comprises a front side of the metal card that substantially surrounds the underlying layer. The hidden portion has printed thereon another optical code that encodes ciphertext whose plaintext is a private key of the key pair. The ciphertext is encrypted using a symmetric encryption protocol that uses an encryption key. The metal card may include an encryption key that may be marked (e.g., engraved) on the metal card. In some aspects, the encryption key is concealed in a tamper-resistant manner, for example, by a tamper-resistant adhesive substrate. The metal card may include a corresponding unique identifier that may be marked (e.g., engraved) on the metal card, the identifier being displayed to allow a user to verify that the unique identifier of the card matches the unique identifiers of the two physical layers of the patch. In some aspects, the public key is deterministically resolved into a set of wallet addresses on various decentralized computing platforms from which funds can be drawn given the private key, the top level displaying at least one optical code corresponding to at least one wallet address.

Some aspects include an apparatus comprising a physical card having a surface area of a first size corresponding to a face of the card; a patch comprising a plurality of layers, the plurality of layers comprising: a first adhesive layer having a surface area of a second size smaller than the first size, the first adhesive layer adhering to a corresponding area on the face of the card; a first printed layer having a surface area of approximately the second size, the first printed layer disposed over the first adhesive layer and including a hidden information portion having at least some private information disposed thereon; a second adhesive layer having a surface area of a third size smaller than the first size and larger than the second size, wherein the second adhesive layer is disposed over the first printed layer, covers the hidden information portion of the first printed layer, extends beyond the first printed layer on at least three sides, and is affixed to a corresponding surface area on a face of the card; and a second printed layer having a surface area of approximately a third size, wherein the second printed layer is disposed over the second adhesive layer and includes a public information portion provided with at least some public information; wherein, of the plurality of layers, at least one of the layers disposed above the first printed layer comprises means for indicating tampering.

Some aspects include a physical card having a surface area of a first size corresponding to a face of the card, the physical card including a first unique identifier and a code; a tamper-resistant masking member secured to a face of the card and concealing the code; and a tamper-resistant patch secured to a face of the card, the tamper-resistant patch comprising: a base component secured to a face of the card, the base component including a second unique identifier and private access information; and a tamper-resistant top assembly comprising: a first portion that hides private access information and includes public access information and a third unique identifier; a second portion surrounding the base assembly and secured to a face of the card; and a third portion in which the second unique identifier of the base component is visible and the ciphertext of the private access information is hidden, wherein the correspondence of the value of the unique identifier indicates a correspondence between the private access information and the public access information.

Some aspects include a multi-component patch comprising: a first assembly, the first assembly comprising: a first adhesive layer; a first printing layer disposed over the first adhesive layer and including: a hidden information portion on which at least some private information is provided during printing of the first printed layer; and a first common information portion on which an identifier is set during printing of the first print layer; and a second assembly comprising: a second adhesive layer disposed over the first printed layer and covering the hidden information portion of the first printed layer and extending beyond at least a portion of the perimeter of the first printed layer; and a second printed layer disposed over the second adhesive layer and including a second common information portion on which at least the identifier is disposed during the second process, wherein the second component includes a tamper-resistant feature in at least one layer and a window portion aligned with the first common information portion of the first printed layer.

Some aspects include a computing infrastructure that works with cards to provide multiple functions. Some aspects uniquely associate, at the server side, a unique identifier (or hash thereof) with a portion (e.g., the first four digits) of a symmetric encryption key (or hash thereof) in memory. In some aspects, the server exposes an API through which the cards can be authenticated. Some aspects include receiving a portion of a key, a unique identifier, or both, as a request from a user device for an API. In some aspects, the server performs a first verification based on the local data. In some aspects, the server performs a second validation based on the decentralized computing platform data. The server may generate a response reporting the verification value. For example, the response to the API request may include a value indicating whether it matches the set on the card (e.g., return a binary determination if both commit, return a sequence number if part of the key is committed, or return part of the key if the unique identifier is committed). In some cases, the server may write the verification result to a local database of the blockchain or card and initialize the count. The count of the authentication of the card may be incremented each time an authentication request of the card is received via the API. In some aspects, for a new currency card, the count indicates that the user is the first user to authenticate the card, and as a result, the card cannot be considered a new card even if the tamper resistant adhesive substrate on the encryption key is replaced.

Some aspects include operations comprising: deterministically generating, by the computer system, a public encryption key based on information corresponding to the private encryption key, the public encryption key and the private encryption key being members of an asymmetric encryption key pair; deterministically generating, by the computer system, a set of addresses based on the common cryptographic key, each of at least a plurality of addresses in the set of addresses corresponding to a different user account of a different decentralized computing platform; selecting, by the computer system, a master address from the set of addresses to be depicted on a physical card, the physical card also depicting information from which the private encryption key is accessible; deterministically generating, by the computer system, a record identifier that corresponds to the physical card and is based on information resident on the physical card other than the private or public key; storing, by the computer system, within the database, a record associated with the record identifier, the record including a set of addresses or information from which the set of addresses can be derived; receiving, by a computer system, a request for an additional address from a user computing device, the request uniquely identifying a record identifier; and sending, by the computer system, a response to the user device including one or more addresses of the set of addresses different from the primary address.

Some aspects include a system configured to verify authenticity of an article, the system comprising: a first computer system that generates deterministic data for one or more components of an article of manufacture, wherein the article of manufacture comprises: a first unique identifier and code disposed on the first component, a second unique identifier and private access information disposed on the second component, a third unique identifier and public access information disposed on the third component, and private access information disposed on the second component are concealed with a tamper-resistant mask; and a second computer system configured to: obtaining a subset of information corresponding to the article, the subset of information not providing access to a private key corresponding to the private access information; storing, in a database, a record of the artifact based on the subset of information; receiving a verification request including a record identifier, the record identifier based on a value of a code of an article and another value selected from one or more of a unique identifier or public access information; requesting a corresponding record from the database based on the record identifier; in response to obtaining a record for an article, updating a request count associated with the record; and sending an indication of a request count in response to the authentication request.

Some aspects include a native application for execution on a user mobile device. The native application may interface with an image sensor of the mobile device to scan the optical code. In some aspects, the optical code is a top-level QR code of the currency card that encodes the encrypted currency address based on a corresponding public key. In some aspects, the corresponding public key resolves to various wallet addresses on various blockchain networks. In some aspects, the native application queries an API of the server through the QR code to query one or more additional wallet addresses. In some aspects, the native application displays a UI indicating a wallet balance corresponding to one or more addresses associated with the currency card.

Some aspects include a native application configured to: scanning a main address arranged on the physical card; generating a request in the event that a private encryption key or a public encryption key corresponding to the physical card is not obtained; and in response to receiving the response, associating one or more addresses of the set of addresses different from the master address with a wallet account corresponding to the physical card; wherein the native application is further configured to perform one or more operations to: generating a user interface that displays representations of the physical card and one or more other scanned physical cards; and determining a balance associated with each scanned physical card among the plurality of addresses received for the respective scanned physical card; or receiving a selection of a representation of a given scanned physical currency card; and generating a user interface that displays a balance of the respective address associated with the given scanning card.

Some aspects include a tangible, non-transitory, machine-readable medium having instructions stored thereon, which when executed by a data processing apparatus, cause the data processing apparatus to perform operations comprising the above-described processes.

Some aspects include a system, comprising: one or more processors; and a memory storing instructions that, when executed by the processor, cause the processor to carry out the operations of the above-described processes.

Drawings

The foregoing and other aspects of the present technology will be better understood when the present application is read with reference to the following drawings, wherein like reference numerals represent similar or identical elements:

fig. 1A and 1B illustrate examples of currency cards including example tamper-resistant features and example authenticity verification features according to some embodiments.

FIG. 2 illustrates an example of a currency card including a captcha component that encrypts a passphrase and a corresponding tamper-resistant mask, in accordance with some embodiments.

FIG. 3A illustrates an example of a currency card including a tamper resistant top assembly of multi-component patches according to some embodiments.

Fig. 3B illustrates an example of a currency card showing the tamper-resistant effect after removing the tamper-resistant top component of the multi-component patch to expose the bottom component of the multi-component patch, according to some embodiments.

Fig. 4 illustrates an example of a currency card including an exposed bottom component of a multi-component patch and an encrypted passphrase, in accordance with some embodiments.

5A, 5B, and 5C illustrate example multi-layer patch configurations and applications for physical currency cards in accordance with at least some embodiments.

Fig. 6A and 6B illustrate examples of multi-component patches according to some embodiments.

Fig. 6C, 6D, 6E, and 6F illustrate examples of components of a multi-component patch according to some embodiments.

FIG. 7 illustrates an example computing environment in which a currency card may be implemented, according to some embodiments.

FIG. 8 illustrates an example computing system in accordance with embodiments of the present technology.

While the technology is susceptible to various modifications and alternative forms, specific embodiments thereof are shown by way of example in the drawings and will herein be described in detail. The drawings may not be to scale. It should be understood, however, that the drawings and detailed description thereto are not intended to limit the technology to the particular form disclosed, but on the contrary, the intention is to cover all modifications, equivalents and alternatives falling within the spirit and scope of the present technology as defined by the appended claims.

Detailed Description

To alleviate the problems described herein, the inventors must do both: the inventive solution, and in some cases equally important, is the recognition of the problem of decentralization of computing platforms and the field of digitally anonymous assets that is ignored (or not foreseen) by others. Indeed, the inventors expect to emphasize the difficulty of recognizing those new and more obvious problems in the future if industry trends continue as the inventors expect. Moreover, because a number of problems are addressed, it should be understood that some embodiments are problem specific and that not all embodiments solve each problem or provide each benefit described herein of conventional systems. That is, improvements of various arrangements to solve these problems are described below.

In some embodiments, the physical currency card (in some cases without any onboard power or computing power) is configured to maintain access information for the digital anonymous assets. Examples of access information may include a secret, private key with a corresponding public key, such as an encryption key pair in an asymmetric encryption algorithm, or a representation thereof (such as ciphertext thereof). The access information may also include one or more other encryption keys that may be used to decrypt a representation of a key pair, such as a symmetric key of a symmetric encryption algorithm. In some example embodiments, accessing information comprises: a cryptographic hash address, such as an account address, that may be used to receive digitally anonymous assets; an encrypted representation of the private key, e.g., the private key with a corresponding public key from which the cryptographic hash address is derived; with an encryption key by which the private key is encrypted to produce an encrypted representation thereof. Other variations are also discussed herein.

Various embodiments of physical cards are designed to provide a more robust mechanism than the electronic approach used to maintain access information (which does not imply the abandonment of electronic features or any other subject matter). Examples of electronic methods may include, but are not limited to (this is not meant to imply that other lists herein are limiting) electronic devices based on USB or wireless interfaces and electronically stored cryptographic keys. Failure of the electronic device (e.g., through a surge, EMP attack, electromigration, etc.) may result in the funds being unrecoverable if the private key is not accessible. Printed (a term widely used to refer to optically readable indicia, and which is not limited to the application of ink, and may also include etched or engraved) text has been used for over 400 years and is robust. However, printed text is only as durable as the media on which it resides, and is often susceptible to fading or accidental loss even when the user retains such written records.

Some embodiments of physical cards include metal cards having a credit card appearance, although other appearances may be used. Thus, some embodiments include rectangular physical cards of about 86mm (about 3 and 3/8 inches) by 54mm (about 2 and 1/8 inches), for example 85.60mm by 53.98mm, and which may have rounded corners with a radius of about 2.88mm to 3.48mm, in order to comply with the ISO/IEC7810ID-1 standard (the dimensions described may vary within plus or minus 10% or plus or minus 20% among other representations). Other example profiles may be a proportion or portion (e.g., half, transverse, or longitudinal) of a credit card profile. In some embodiments, physical cards, such as cards having dimensions similar to those described above, are simpler than electronic methods for less technically sophisticated users. The user experience is physically intuitive and familiar. Furthermore, physical cards are less likely to be accidentally discarded or lost. In some cases, the thickness of the card is between 0.1mm and 2mm, such as between 0.2mm and 1 mm.

In some embodiments, the physical card has a tamper resistant patch (or pair of patches) having at least two physical surfaces (e.g., top and bottom surfaces of a single patch, or top surfaces of a pair of overlapping patches), one of which is partially concealed by the other. Each surface may have a different but related code, such as a human-readable code or an optical code (e.g., a QR code, a bar code, etc., in some cases with redundancy of encoded information in the form of parity bits, Reed Solomon (Reed-Solomon) error correction, Turbo codes, Hamming codes (Hamming codes), etc., with sufficient redundancy in some embodiments to recover damaged bits or bytes of encoded information). When the card is in an inaccessible state (i.e., before access information corresponding to the private key has been rendered visible to or otherwise accessible to the user), the top surface may be exposed and may include an optical code (e.g., a QR code) that encodes a public key or a representation of a public key of a public-private (public-private) key pair of an asymmetric cryptographic algorithm. For example, in some embodiments, the optical code may correspond to a cryptographic hash address that corresponds to a public key. The cryptographic hash address may be generated from a public key (e.g., via a protocol of a decentralized computing platform, such as a blockchain-based computing platform, for generating a cryptographic hash address operable on the platform) and visible in an unaccessed state such that a digitally anonymous asset, such as a cryptocurrency, a commerce pass-through, or other asset (e.g., resident or tracked on the platform to which the cryptographic hash address corresponds) may be transferred to the address. In the unaccessed state, at least a portion (e.g., all, or more than 20%, more than 50%, or more than 90%) of the bottom surface on which the optical code is depicted is hidden (e.g., obscured, invisible, unreadable, or otherwise inaccessible) by the top surface. The obfuscated optical code may be an optical code different from the non-hidden optical code. In some cases, an optical code on the top surface (also referred to herein as the top component of the multi-component patch) encodes a representation (e.g., in plaintext or ciphertext) of a public key of a key pair (e.g., a public key that uniquely corresponds to a wallet address on one or more decentralized computing systems, which may be implemented by a blockchain-based protocol). In some cases, the optical code on the hidden surface encodes a representation (e.g., in plaintext or ciphertext) of a private key corresponding to a public key, such as from a key pair generated by one of the following categories of asymmetric cryptography techniques: Diffie-Hellman (Diffie-Hellman); a digital signature standard; elgarmar (ElGamal); elliptic curve technique; RSA, lattice-based cryptography, etc.

In some embodiments, when the card is in an inaccessible state, the user may add a digital anonymous asset, such as cryptocurrency, to the account based on the public access information of the exposed top component without having to view or otherwise access the private access information of the hidden bottom component. Thereafter, when the user wishes to access (e.g., transfer to a recipient wallet or address) the digital anonymous assets, the exposed top component can be removed to reveal a hidden bottom component that includes private access information (or a portion thereof) that can be used to transfer the digital assets. According to various embodiments disclosed herein, the user experience is greatly simplified relative to previous implementations, with the top component of the multi-component patch physically peeled away to reveal the bottom component of the multi-component patch including the secret. Also, with the disclosed embodiments of the tamper resistant patch configuration, the loss of privacy is physically apparent by visual inspection with the naked eye. Furthermore, the user does not need to remember a set of key recovery pass phrases, such as passwords that are often used electronically.

In various configurations of tamper resistant patches and physical cards, security issues can be mitigated. For example, the top component of the multi-component patch may include holes, channels, or other types of windows that lead to the bottom layer, such as the bottom component of the multi-component patch. Through this window, the unique identifier of the access information card combination provided on the bottom layer can be seen at the time of inspection. A corresponding unique identifier may also be provided on the top component and visible upon inspection, the identifier being displayed to allow a user to verify that the unique identifier corresponding to the top component matches the unique identifier of the exposed portion of the bottom component to ensure that the public access information matches the private access information provided on the respective component. The bottom component of the multi-component patch also includes contents that are hidden by the top component. The top component of the multi-component patch may be configured with one or more anti-tampering features, such as one or more anti-tampering layers and an adhesive for facilitating activation of the anti-tampering features. For example, lifting the top assembly from the surface to which it is adhered may facilitate a tamper-resistant effect in the feature, and by visual inspection, a user may determine whether the top assembly has been lifted to expose at least a corresponding portion of the underlying surface. In some embodiments, the tamper-resistant effect of a feature is selectively facilitated based on the surface to which it is adhered. In some embodiments, the first portion of the surface to which the top component is adhered comprises a front portion of the physical card and substantially surrounds the bottom component. In some embodiments, the second portion of the surface to which the top component is adhered comprises a hidden portion of the bottom component. In some embodiments, the adhesive adheres to the concealed portion with a first strength and adheres to the physical card with a second strength, the first strength being less than the second strength. In some embodiments, the first strength does not activate any tamper-resistant features of the top assembly. In some embodiments, the first strength is sufficiently strong to activate the first anti-tampering feature(s) of the top assembly, but sufficiently weak not to activate the second anti-tampering feature(s) of the top assembly. In other words, in some embodiments, the first strength may selectively activate at least one first anti-tampering feature but not at least one other anti-tampering feature. In some embodiments, the first strength is weak enough to substantially prevent adhesive residue. In some embodiments, the second strength is sufficient to activate at least one first anti-tampering feature of the top assembly. In some embodiments, the second intensity is sufficiently large to activate at least one other tamper-resistant feature that is not activated at the first intensity. In some embodiments, the second strength is sufficient to substantially maintain adhesion of the adhesive residue to the physical card.

In some embodiments, the hidden portion has printed thereon another optical code encoding ciphertext whose plaintext is a private key of the key pair. In some embodiments, the ciphertext is generated by encrypting the plaintext using a symmetric encryption protocol using an encryption key. Thus, for example, the encryption key resembles a pass phrase (passphrase) by which the private access information in the ciphertext can be decrypted to obtain the private access information in plaintext form. The physical card may include an encryption key that may be marked (e.g., engraved) on the physical card. In some embodiments, such as embodiments in which the bottom component includes ciphertext of the plaintext private access information, the unique identifier (e.g., corresponding to the same unique identifier visibly disposed on the top component and visibly disposed on the bottom component via a window of the top component) may similarly be marked (e.g., engraved) on the physical card, thereby ensuring that the private access information (in the form of the ciphertext) matches an encryption key (e.g., a similar passphrase) disposed on the physical card that may be used to decrypt the ciphertext to produce the plaintext private access information. The unique identifier may correspond to a serial number within a namespace of an issuer of the card. In some embodiments, the encryption key is concealed in a tamper-resistant manner, for example by concealing a tamper-resistant mask (e.g., a patch as may have multiple layers) that engraves the encryption key. In some embodiments, the tamper-resistant mask may include a scratch-off layer or one or more layers that are peeled away to reveal the underlying encryption key on the physical card through a tamper-resistant effect, thereby indicating to the user whether the encryption key has been accessed by another party. In some embodiments, the encryption key may be used to decrypt ciphertext through a corresponding symmetric decryption protocol to reveal the plaintext of the private key of the key pair. Thus, in some example embodiments, a user must activate at least one anti-tampering feature corresponding to a portion of the anti-tampering top component of the patch to reveal the ciphertext and activate at least one anti-tampering feature corresponding to a portion of the anti-tampering mask to reveal the encryption key in order to determine the private access information (e.g., the private key) in clear text.

Furthermore, in some embodiments, the physical currency card product is robust to supply chain attacks. In some embodiments, a tamper resistant patch, such as a manufacturer of a tamper resistant multi-component patch having a top component including public access information and a bottom component including private access information hidden by the top component, may never access the plain text of the private key because its encrypted representation is provided to the manufacturer as private access information. In other words, merely accessing the ciphertext representation of the private key may not be sufficient to obtain (e.g., access) the private key in plaintext form. Furthermore, the manufacturer of the patch need not have a physical card blank corresponding to the patch, let alone a physical card blank marked with a symmetric encryption key that is needed to decrypt the ciphertext of the private key included on the bottom component. Thus, the manufacturer of the patch cannot determine private access information corresponding to public access information (or even a public key when the cryptographic hash address is provided as public access information). Similarly, the card blank manufacturer need not own the patch, and can therefore be prevented from using any encryption keys in a malicious manner. In some embodiments, security may be increased by a final engraving step performed by the card issuer (or even another party after applying the patch to the card blank), rather than the card blank manufacturer. Thus, for example, in some embodiments, even collusion (collasion) between the patch manufacturer and the card blank manufacturer may not be sufficient to maliciously gain access to the private key generated by the card issuer. In addition, the private key, the ciphertext of the private key, and the encryption key may be maintained and discarded separately, and in some cases in stages, to prevent exposure to data combinations that malicious parties may use to infer private access information (e.g., plaintext private keys).

In some embodiments, the physical card may include a corresponding unique identifier that may be marked (e.g., engraved) on the metal card, the identifier being displayed to allow a user to verify that the unique identifier of the card matches the unique identifiers of the two components of the multi-component patch. Further, the issuer of the card (or other party) may use the identifier to match the patch with the corresponding card, which may match the deterministic information in some embodiments. For example, in some embodiments, the public key resolves deterministically to a set of wallet addresses, each of which may correspond to a different decentralized computing platform from which funds may be withdrawn given a corresponding private key. Once the issuer derives the set of addresses, the public key (in addition to the private key and encryption key) may be discarded, and the wallet address corresponding to the optical code set on the component of the multi-component patch may be associated with other wallet addresses in the set.

In some embodiments, the physical card may have information disposed thereon by which a user can verify the authenticity of the card or other information disposed thereon. For example, in some embodiments, an issuer (or other entity) may maintain a database and provide an interface through which a user obtaining a physical card can verify the authenticity of the card by confirming, via the database, that a portion of an encryption key (e.g., a symmetric key used to encrypt a private key) matches a unique identifier corresponding to the card or multi-component patch. As described above, in some embodiments, the unique identifier may be visible on at least two components of the multi-component patch, and also on the physical card, thereby reducing the risk of counterfeiting the card manufacturer providing a card with less robust security features (or a cryptographic hash address configured to transfer digitally anonymous assets to malicious party controls). In some embodiments, authentication does not rely on the entire encryption key, but instead relies on a portion thereof to save the remainder as an additional form of tamper resistance, the remainder remaining unchanged until it is changed when access to the digitally anonymous asset is desired.

Embodiments of the physical card may be both robust and affordable so that a user can budget by assigning different digitally anonymous assets or quantities thereof to different disposable cards, and upon withdrawal of at least some funds, the remainder may be migrated to a new cryptographic hash address or a different cryptographic hash address in a set of cryptographic hash addresses (e.g., wallets) corresponding to the new physical card. In some embodiments, the physical card is made of metal or includes a metal backing, or a metal insert, or a metal face of the card, or other attack-deterring material through which the scanning device is used to attempt to image information that is otherwise hidden by the tamper-resistant material. In some embodiments, one or more patches disposed on a physical card as described herein comprise a foil, insert, or other material that similarly resists such attacks.

Some embodiments include a computing infrastructure configured to support one or more features related to the use of physical cards that maintain access information for digital anonymous assets. Some embodiments include a server system that uniquely associates, on the server side, a unique identifier (or a hash thereof) with a portion of a passphrase, such as an encryption key, e.g., a symmetric encryption key, or a hash thereof (e.g., the first four values), in memory. In some embodiments, the server system exposes an API through which issued physical cards can be verified. For example, via an online interface or via a native application on the mobile device, the user may request through the API to query the server to verify the authenticity of the card and whether the other party has previously checked the verification of the card (e.g., which may indicate that the card has been compromised). Notably, the user may perform such a check before transferring the digital anonymous asset to the card. In some embodiments, a server system having an API is configured to receive a request including information, such as a portion of a passphrase, a unique identifier, or both, as a request from a user device for the API. In some embodiments, the server performs the first verification based on the local data. In some embodiments, the server performs a second verification based on the decentralized computing platform data (e.g., in some embodiments, the server may publish a count to an immutable data store of the decentralized computing platform, the count indicating the verification performed on the physical card). For example, the server may perform a verification to determine whether the cryptographic hash address associated with the card has been previously used (and the user may optionally perform the verification based on public access information that is visible without activating the tamper-resistant feature).

Embodiments of the server system may generate a response to the API request reporting the verification value. For example, a response to the API request may include a value indicating whether the information provided in the request matches a combination corresponding to a valid issued card (e.g., return a binary determination if both a portion of the passphrase and the unique identifier are submitted, return the unique identifier if the portion of the passphrase is submitted, or return the portion of the passphrase if the unique identification number is submitted). In some cases, the server can write the results of the verification performed on the physical card to an immutable data store (e.g., blockchain) or local database of the decentralized computing platform and initialize the verification count or increment the verification count for the corresponding physical card. For example, an existing (e.g., initialized) authentication count for a physical card may be incremented each time a subsequent authentication request is received involving the card received via the API. In some embodiments, for a new physical card when authentication is requested, a count is initialized and a value indicating initialization is returned (e.g., 0 authentications, #1 authentications, new cards authenticated, initialized, etc.) to indicate that the user is the first user to authenticate the card, and as a result, the card cannot be later considered a new card even if the tamper-resistant mask on the passphrase is replaced. For example, if the card's count has been initialized, the value returned for a subsequent authentication request (e.g., 1 authentication, authentication #2, previously authenticated card, etc.) indicates that one or more previous authentications have been performed for the card.

Some embodiments include a native application that may be executed on a user's mobile device. The native application may interface with an image sensor of the mobile device to detect and scan optical codes. The scanned optical code may be a QR code corresponding to a physical card (e.g., the QR code may be disposed on a patch affixed to the card) encoding an address based on a corresponding public key (e.g., an address for transferring ownership of a digitally anonymous asset recorded on a decentralized computing platform, such as a blockchain based decentralized computing platform, and the digitally anonymous asset may be a commercial pass or cryptocurrency). In some embodiments, the corresponding public key resolves to various wallet addresses on various blockchain networks. The native application may be configured to query the API of the server of the issuer of the physical card through the QR code to request one or more additional wallet addresses. Each wallet address may have an associated balance as indicated by transaction records in the blockchain of the decentralized computing platform. In some embodiments, the native application displays a user interface indicating a wallet balance corresponding to one or more addresses associated with the currency card. The native application may similarly be configured to scan an optical code corresponding to private access information, such as a QR code encoding a private key or ciphertext of the private key. In some embodiments, the national application determines whether the scanned QR code corresponds to private access information, and upon detecting that the private access information is scanned, the native application presents an interface through which the user may transfer funds from an address to which the private access information corresponds. In some embodiments, the interface provides a field for scanning a passphrase from a user or device that corresponds to encrypted private access information, for example, when a QR code encodes a ciphertext representation of a private key (access information). The passphrase may be a symmetric encryption key that may be used to decrypt ciphertext to obtain a private key in plaintext form, enabling transfer of digitally anonymous assets from an account when the private key is available to prove ownership of the account, for example, through digital signatures and authentication protocols of a decentralized computing platform.

Fig. 1A and 1B illustrate examples of currency cards including example tamper-resistant features and example authenticity verification features according to some embodiments. The example currency cards described with reference to fig. 1A and 1B may be physical currency cards and include various ones of the technologies described herein. For example, an example currency card may include one or more tamper-resistant features by which a user of the card may verify that private access information of the card has not been revealed to another party when checking the card.

FIG. 1A illustrates an example 100A of a physical currency card configured to manage account access information for digital anonymous assets, in accordance with various embodiments. As with the illustrated example card 101, a physical card may have dimensions that conform to or are similar to the ISO/IEC 7810ID-1 standard. Thus, some embodiments contemplate rectangular physical cards of about 86mm (about 3 and 3/8 inches) by 54mm (about 2 and 1/8 inches), for example 85.60mm by 53.98mm, and which may have rounded corners with a radius of about 2.88mm to 3.48mm, and which may have a thickness of about 0.70mm to 0.86mm, such as 0.76 mm.

Card 101 may include a card blank 105, which card blank 105 has dimensions similar to those described above and may be constructed, in whole or in part, of a material such as metal or plastic. For example, the card may be entirely metallic, entirely plastic, or a combination thereof. In some embodiments, the card blank 105 includes at least one layer of metal having a thickness of at least 1/3 a of the card thickness, such as a 0.20mm to 0.25mm metal layer, which may be the front side of the card. In other embodiments, the card blank 105 may be entirely of a metal construction. In some embodiments, the card blank 105 has a structure that allows laser engraving of the front face of the card blank. For example, as shown, unique identifier 107A may be laser engraved to a card, such as the front side, of card blank 105. Other information, such as a passphrase, e.g., an encryption key (not shown), by which one or more cryptograms corresponding to the card are generated, may also be laser engraved into the face of the card blank 105, and may be hidden by the mask 140 after engraving.

An example of a metal for the card blank 105 may include a density of 4.506g/cm³Or a density of 2.7g/cm³One or more of aluminum (b). Other exemplary metals may be alloys, such as aluminum alloys, for example, having a density of about 2.7g/cm³6061 aluminum or a density of about 2.81g/cm³7075 aluminum. Steel (e.g., stainless steel 304, 409, 630, etc.) and titanium (e.g., Ti6Al4V, Ti6-4, etc.) as well as other metal alloys are also suitable.

In some embodiments, the metal or alloy for the card blank 105 is selected based on one or more properties of the patch 120, or the properties of the patch are selected based on the metal or alloy for the card blank. For example, in some embodiments, the selection of metals is the same, or different, in order to obfuscate private access information provided on the patch to prevent scanning or other imaging attacks. For example, the layer of the patch (over the private access information) may include a reflective metal embedded therein, and the metal may be selected based on the material of the card, or vice versa. Similarly, the layer of the patch (under the private access information) may include a reflective metal embedded therein that is different from or the same type as the top layer. When card 101 is subjected to a non-destructive attack (e.g., scanning), one or more layers of the patch including the metal embedded therein and the metal selected for blank 105 may significantly obfuscate the private access information. In other words, the configuration of the card blank 105 (discussed in more detail below) and the patch may be such that a user (malicious or otherwise operating) must activate one or more anti-tampering features of the card to obtain private access information, which thereby indicates to other users that the private access information is no longer private.

In some embodiments, different layers of the patch 120 may have different dimensions, e.g., a first layer or a first set of layers may have a length, width, radius, etc. of a first dimension (e.g., size) that, when applied (e.g., when applied to a face of a physical currency card), corresponds to a first area having a similar dimension or size. In some embodiments, the second layer or second set of layers may have a length, width, radius, etc. of a second size (e.g. size) that, when applied (e.g. when applied to a face of a physical currency card), corresponds to a second area of similar size or dimension. The dimensions of the second layer or the second set of layers may be configured such that they extend beyond the dimensions of the first set of layers, for example beyond at least a portion of the perimeter of the first set of layers, for example 60% to 90%, or even 100%, to encapsulate (e.g. envelope), cover, hide, enclose or otherwise hide an area (e.g. having dimensions corresponding to private access information) of the first set of layers. In some embodiments, the window portion is formed in a second layer or second set of layers through which information can be seen via the window (e.g., whether through a window cut, a cutout window cut, or through a transparent window or a transparent window cut). In some embodiments, the information corresponds to the common access information set on a portion of a first layer (e.g., within an area having a size corresponding to the common access information) in the first set of layers. However, in some embodiments, the first layer or first set of layers may include a tab-like extension that includes common access information configured to extend beyond a perimeter of the second layer or second set of layers without any physical windowing of the second layer or second set of layers. The different layers may comprise different materials, such as different films or disposed materials, whether coatings or adhesives, and the thickness (or depth normal to the surface) of the different layers may vary based on the thickness of the films or disposed coatings or adhesives.

In some embodiments, a color plate having dimensions similar to the dimensions of the patch 120 may be laser engraved into the front side of the card 101. For example, the color plate may be laser engraved in the metal face of the card or the plastic face of the card, or otherwise applied (e.g., by otherwise applying the color plate, by material selection, or otherwise) to the face of the card where the patch 120 is to be applied. The colored sheet regions may have a root mean square surface roughness greater than the non-colored sheet regions to promote adhesion of an adhesive, such as an adhesive layer or an adhesive disposed. For example, the surface roughness measured by a profilometer in the area of the color palette may be 50% higher than other portions with smoother finishes. Since the front side of card 101 may substantially correspond to the size of the color plate (e.g., the front side may be fully or substantially configured like the color plate), the above-described configuration of the color plate should not be construed as limited to a particular area or size (e.g., size). For example, the card blank 105 may be manufactured with a rough cut finish, anodized, or otherwise chemically etched to include a matte finish (e.g., matte finish) rather than a polished finish. In other words, there is no need to locate the sample sheet surface to the location where the patch is applied. The color plate may be a pattern (or surface type, such as a matte finish, whether laser engraved, chemically etched, coated, or otherwise fabricated to include a surface type or pattern other than a polished surface) of low depth to promote adhesion of an adhesive (e.g., the adhesive layer of the backing patch 120) to the smooth surface. For example, a patch 120 having an adhesive layer backing the patch may be applied to the card blank 105 and the adhesive of the patch may securely contact the color plate. In some embodiments, the pattern of the color plate has a depth relative to the face of less than 0.05mm, and the depth may be about 0.005mm to 0.010 mm.

As described above, information may be engraved on the surface of the card blank 105. Examples of information may include the unique identifier 107A, an encryption key (e.g., covered by the mask 140), and other information described herein. For example, the unique identifier 107A may be engraved or stamped to a depth of less than 0.20mm, such as 0.02mm to 0.15mm, or about 0.07mm to 0.08mm in some embodiments. In some embodiments, the engraved depth of the encryption key may be shallower than the unique identifier, but may be a larger face, the depth being selected to provide readability but reduce the suitability of some scanning or other tampering (e.g., such as pressing the mask 140 into the etch to determine the key). In some embodiments, the encryption key is etched to a depth of about 0.02mm to 0.04mm, although other embodiments may use the same depth as the unique identifier 107A. Next, the mask 140 may encapsulate (e.g., envelope, cover, hide, encapsulate, or otherwise hide) the encryption key disposed on the surface of the card.

In some embodiments, physical card 101 includes a tamper resistant patch 120 having at least two physical component layers adhered to card blank 105 (e.g., to include unique identifier 107A and other information described herein) that may be engraved, and each component layer may include one or more layers. For example, the tamper resistant patch 120 may include two component layers or components, and each component may have one or more layers. In some embodiments, at least one component, such as a bottom component, is partially concealed by a top component. For example, the bottom component may include private access information printed thereon that is hidden by the top component. At least the top component may include one or more tamper-resistant features such that, through visual inspection, a user may readily determine whether private access information has been accessed (e.g., compromised) or is secure (e.g., has not been compromised). For example, a tamper-resistant pattern may appear in at least a portion of the component when the component is lifted from a surface to which it is adhered with a threshold strength, such as a palette area of the card blank 105 (e.g., to view hidden information).

As shown, the patch 120 is applied to a face (e.g., front face) of the card blank 105. As described above, in some embodiments, the patch 120 may be applied in the location of a color panel on the front side of the card blank 105. The color plate may facilitate adhesion of the adhesive of the patch 120 to the material of the front side of the card 101 (e.g., metal, plastic, composite, etc., as described above). Embodiments of the patches 120 may include one or more anti-tampering features, at least one of which may be activated when a portion of the patch 120 adhered to the front of the card 101 is lifted from the front of the card. For example, the patch 120 may include a component 121 within which a tamper-resistant pattern appears when the component 121 is lifted 125 from a surface (e.g., the front of a card) to which it is adhered, and the configuration of the color plate may facilitate the appearance of the tamper-resistant pattern via an adhesive that strongly adheres to the color plate. In some embodiments, the tamper-resistant pattern is configured such that the appearance of the patch 120 cannot return to its original appearance after the assembly 121 is lifted 125 from the card blank 105. In some embodiments, assembly 121 may be configured such that at least one layer (e.g., an upper layer) remains relatively intact, wherein the tamper-resistant pattern is revealed due to a bond-promoted destruction of the underlying layer in the lower layer of the assembly when the assembly is lifted 125 from card blank 105. In some embodiments, component 121 may be configured such that: as the assembly is lifted 125 from the blank 105, the layers across the cross-section of the assembly are broken in at least some portions of the assembly. In some embodiments, combining the above aspects, for example, a first portion of the component 121 may be easily torn when lifted 125, while another portion may not be easily torn but reveals a tamper-resistant pattern when lifted 125.

In some embodiments, as described above, the component 121 is configured to reveal the tamper-resistant pattern when the corresponding portion of the component is lifted 125 from the surface to which it is adhered with sufficient strength. For example, in some embodiments, the surface (e.g., the color plate, the material of the card blank 105, or a combination thereof) to which at least some portion of the component 121 is adhered reveals the pattern by promoting adhesion of sufficient strength to result in revealing the tamper-resistant pattern. Note that this does not necessarily mean that the assembly 121 is difficult to lift from the card blank 105, but means that the assembly is difficult to remove without being tamper-resistant. For example, the adhesive used in assembly 121 may be colored (e.g., silver) and pulled away from the lifted assembly, revealing the pattern. Several non-limiting examples of the components 121 of the patch 120 may include one or more of the features outlined below:

example components may include one or more layers, such as one layer, two layers, three layers, four layers, or more layers. At least one layer of the assembly, e.g., a bottom layer, can include an adhesive that is operable to adhere to at least one surface, such as a surface of a card blank. In some embodiments, the adhesive may be an adhesive layer applied to the roll of film during manufacture and subsequent layers added thereto to form a multi-layer assembly. In some embodiments, the adhesive may be applied to a layer, which is then applied to a roll of the patch, and other layers added thereto to form a multi-layer assembly. In either case, at least one layer, such as a bottom layer of the component, can include an adhesive such that the component can be attached to a surface. In some embodiments, an adhesive may be applied to a surface to which the components are attached, for example a face of a physical currency card, and one or more layers or components are adhered thereto by the adhesive disposed on that surface. Examples of the adhesive may include a glue, such as an oil-based glue or other suitable glue, examples of which may include an organic (e.g., oil), water, or other solvent-based that mixes with the corresponding adhesive to create the adhesive application solution. For example, a polymer (whether synthetic or natural) or resin binder may be dissolved in a corresponding solvent base for a given application. In some embodiments, the adhesive layer includes a tamper-resistant structure, which may be formed in the adhesive layer, or in a layer through the cover film. In some embodiments, the adhesive layer is an adhesive film, which may have been selectively patterned to create different bond strengths to the surface of the component or film layer in contact with the adhesive.

In some embodiments, the layer is a polymeric film, for example a polypropylene (PP) or Polyester (PET) film, such as an oriented film, which may be biaxially oriented. The orientation of the film may be proportional to the orientation to thin the starting film, which may also be referred to as the stretch ratio. For example, to obtain a finished film of 1 mil (where 1 mil is 1/1000 inches, or 0.0254mm) at a stretch ratio of 5: 1 in a first direction (e.g., the machine direction), a 5 mil polymer film may be proportionally stretched in the first direction (e.g., to about 5 times the starting length). For biaxially oriented films, to obtain a 1 mil finished film having a 5: 1 stretch ratio, a 25 mil film may be stretched proportionally in a first direction and a second direction (e.g., stretched approximately 5 times the starting length and width in both the machine direction and the transverse direction). Thus, for example, in some cases, the layer may be a biaxially oriented polypropylene (BOPP) film or a Biaxially Oriented Polyester (BOPET) film, which may be greater than 100 inches wide, or greater than 300 inches wide, and many times longer in length, such as at least the length of the roll on which the patch is made. In some cases, one layer may be a PET layer or a BOPET layer, while the other layer may be a PP layer or a BOPP layer. Thus, when a layer is described as a PET layer, such as a layer formed from a PET film, it is to be understood that the layer may be formed from a PET film (e.g., which may be unstretched or stretched in one dimension relative to the base PET film) or a BOPET film (e.g., which is stretched in two dimensions relative to the base PET film), unless otherwise specified; and when a layer is described as a PP layer, for example from a PP film (e.g. which may be unstretched or stretched in one dimension relative to the base PP film) or a BOPP film (e.g. which is stretched in two dimensions relative to the base PP film), unless otherwise indicated. Further, in some embodiments, the PP film or the PET film may be replaced with Polyethylene (PE) or other applicable films.

In some embodiments, the film is metallized. In some embodiments, multiple films are used, some of which may be different films (e.g., one layer is a PP film and another layer is a PET film) to obtain different features or attributes in one component. For example, PP or PET films may be vacuum metallized (e.g., as vapor deposited) or embedded in a metal foil. In some embodiments, a vacuum metallization process may be used to increase resistance to moisture ingress. In some embodiments, the perfume or other compound may be disposed in the film (e.g., by a vacuum process), such as within a PP film, whereby scratching the film when used as a top layer releases (or exposes) at least some of the perfume or compound to increase perception of odor. In some embodiments, the film has a thickness in the range of 0.3 mils to 1.5 mils, although other thicknesses may also be used. In some embodiments, PET film is less flexible than PP film for the same thickness, and as a result, PET film may provide greater stability in printing than PP film. Thus, in some embodiments, at least one PET film is used for at least one layer such as a component in an underlying layer of the component prior to printing information (e.g., optical codes, text, graphics, etc., as described herein) on which the information is printed and after printing the information another film (e.g., PP or PET) layer is subsequently applied. Thus, for example, an adhesive layer (which may have an adhesive structure for displaying a pattern) may be formed or applied to the lower PET layer on which information is printed, and a subsequent upper layer may be applied to protect the lower PET layer (e.g., to protect information printed on the lower layer). For example, in some embodiments, the upper layer of the assembly may be a PET layer, or in some embodiments, the upper layer of the assembly may be a PP layer.

In some embodiments where the patch 120 is a multi-component patch, the bottom component that includes private access information may include a lower PET layer (e.g., for printing and durability) and an upper PET layer (e.g., for durability), and the top component that includes public access information may include a lower PET layer (e.g., for printing and durability) and an upper PP layer (e.g., for impregnating fragrance, or metal for enhancing moisture or scanning resistance). Thus, as outlined herein, various combinations of films and techniques can be used in different layers to obtain different component configurations for different components of a multi-component patch. For example, the moisture, oxygen, ultraviolet, heat, and other environmental resistance properties of the film may be considered to provide a desired configuration of layers in the assembly. Further, for example, the strength and durability of the film or material layer, whether by virtue of the material or construction of the film or layer (e.g., PP, or PET, or PE or other compound and whether stretched in a single direction or biaxially stretched), may be considered to provide a desired configuration, e.g., whether a given layer should cleanly peel, rupture, or otherwise interact with the adhesive to provide tamper resistance. Example beneficial attributes of PET films, such as BOPET films, may include dimensional stability, thickness uniformity, and transparency; and example beneficial attributes of PP films, such as BOPP films, may include transparency and moisture resistance.

In addition to the above examples, exemplary films and techniques consistent with the disclosure of components and layers thereof for a multi-component patch may include one or more upper films or substrates (e.g., PET-type films and substrates such as chrome polyester or polyethylene terephthalate polyester, PP-type films and substrates, vinyl films and substrates, ceramic films and substrates, or other films or substrates, which may optionally be embedded with chrome or metal (e.g., metallized), which reduces certain scanning or imaging techniques for determining the information of hidden portions, and embedded fragrances by which a user may determine authenticity) and lower films or substrates having an adhesive pattern portion (which may be an adhesive layer applied to a base layer, or an adhesive applied to a base layer, or inherent to a base layer or in a base layer or adhesive layer whether facilitated by laser, cutting, or other applicable processes) such as diamond, hexagonal, or square disk chess patterns (e.g., one of the above films or substrates, or an adhesive film or substrate). In various embodiments, the adhesive pattern portion of the base layer is such that when the substrate top-coated portion of the substrate is peeled away, the underlying pattern portion remains. Next, the patch 120 cannot be resealed or reused to the original appearance, and thus is visibly tampered with if the user attempts to determine the information on the hidden layer of the patch 120.

In some embodiments, the component comprises a PP, PET, or vinyl film or a destructive layer of the substrate that is easily torn and torn (e.g., inherent to the substrate or facilitated by the manufacturing process, such as via perforations or cuts in the substrate), and once adhered to a surface, is breakable in the sense that it cannot be removed in its entirety. For example, a strong adhesive used in conjunction with a breaker layer can cause the substrate to break easily into pieces of material and mean that the layer is difficult to remove (e.g., from the color plate portion without leaving behind debris, but it can be easily removed without tearing from some other surface, such as the surface of the base assembly). Next, such a top component of the patch 120 cannot be resealed or reused to the original appearance, and thus is visibly tampered with if a user attempts to determine information on the hidden bottom component of the patch 120 or information that is otherwise hidden by the top component. In some embodiments, the adhesive layer includes similar properties, such as patterns that are lifted in the layer, and some of the patterns peel away with the base layer while other patterns remain adhered to the surface to which the component is applied. In some embodiments, the assembly includes a layer of PP, PET or vinyl film or substrate that contains a concentration of light refracting elements for increasing the difficulty of counterfeiting, scanning or duplicating the assembly. In some embodiments, the assembly comprises a foil film or substrate (which may be a metallized film or foil), such as a holographic foil or film, having prismatic effects and patterns that deter counterfeiting or copying.

In some embodiments, the assembly includes one or more relatively transparent portions of one or more layers, such that an adhesive or adhesive residue, which may be colored and configured to reveal the pattern when the assembly is lifted from the surface, adheres the assembly to reveal the pattern. The transparent or relatively transparent portion enables a user to discern at least some information (e.g., underlying information) through the material, for example, by visual recognition, such as a pattern visible at 1 foot to 3 feet or underlying text in 8pt to 12pt fonts readable at 1 foot to 2 feet. For example, residues of adhesive layers or adhesives for layers may result in: within the transparent portion of one or more other layers of the assembly, a highly visible pattern of shapes (e.g., a checkerboard pattern) is left behind when the assembly is lifted from the surface to which it is adhered (e.g., with sufficient strength, such as to adhere to the material of a card, but may adhere to some other surface, such as the surface of the bottom assembly, the pattern within that portion may not be revealed — in some cases, this may readily convey that the top assembly is lifted by including some portions of the pattern but not others). Such an adhesive may be colored so that the shape is visible. As noted above, some relatively transparent portions (e.g., no or minimal printing in those areas) are used in conjunction with such an adhesive such that the shape (or pattern, or in other embodiments, tear in one or more layers, such as a bottom layer) is at least partially visible on the component when the component is lifted from the surface. In some embodiments, portions that do not correspond to shapes (or patterns, or in other embodiments, tears in one or more layers) lifted with the component remain on the surface to which the component is adhered, such that removal of the component on both the component and the surface to which it is applied is a noticeable tampering. In some embodiments, when the component is lifted from the surface, the adhesive or layer of the component is stretched (e.g., in a pattern or shape), torn, or at least partially visibly altered (e.g., destroyed) in the component or on the surface to which the component is adhered, such that an attempt to match a tamper-resistant feature visible in the component (or portion thereof) lifted from the surface with a corresponding tamper-resistant feature visible on the surface (e.g., in an attempt to reposition and re-lay or adhere the component (or portion thereof) back to the surface) does not restore the component to an original state upon visual inspection. For example, there may be gaps or other visible tamper-resistant features (as compared to a uniform appearance in an unaltered state) that leak attempts to replace the component after tampering has occurred. Thus, in some embodiments, the components of the patch 120 cannot be resealed or reused to the original appearance, and thus are visibly tampered with if a user attempts to determine information that is hidden by the component, such as private access information.

Further, in some embodiments, in addition to the at least one anti-tampering feature, the components of the patch 120 may include a EURion constellation pattern, or other pattern configured to cause imaging software to detect the presence of the components of the patch 120 in the digital image. In some embodiments, where the patch is a multi-component patch 120, one or more components (with or without tamper-resistant features) may include a EURion constellation pattern, or other pattern configured to cause imaging software to detect the presence of components of the patch. Such software may prevent the user from copying the patch 120 or components thereof. For example, when generating the tiles 120, the EURion constellation pattern or other pattern may be printed on the component 121 along with other information. Similarly, in addition to the top component 121, the EURion constellation pattern or other pattern may be printed on another component of the multi-component patch 120, such as the undelayed bottom component 130 (which may also be a second bottom layer patch).

One or more of the above configurations may be used alone or in combination to construct the patch 120. In some embodiments, as described above, the patch 120 may be a multi-component patch, and one or more of the above configurations may be used alone or in combination to construct a given component of the multi-component patch. The different components may be constructed separately (e.g., as separate patches) and combined together prior to application or applied sequentially to form the multi-component patch 120. Alternatively, in some embodiments, the multi-component 120 patch may be formed by constructing a first, bottom layer bottom component and constructing a second, overlying top component thereon. Regardless of the particular method of construction, embodiments can use different configurations for different ones of the components to construct a multi-component patch. Thus, in general, as mentioned herein, a given component may have a relatively discrete function (e.g., including some component-specific information and one or more features selected from tamper-resistant features, scan attack mitigation features, or copy prevention features, depending on the function) as compared to another component.

In some embodiments, at least some of the information disposed on the card blank, such as information corresponding to private access information, may be shielded 140. The screen 140, such as the component 121 of the patch 120, may include one or more anti-tampering features. For example, the screen 140 may have one or more layers with a similar configuration as the component 121. In some embodiments, the mask 140 is a patch having dimensions (e.g., length and width) that may be used to enclose (e.g., envelope, cover, conceal, enclose, or otherwise hide) an area of the card blank 105 on which information corresponding to the private access information is disposed, such as an area within which an encryption key or passphrase that may be used to access the private access information is engraved or otherwise disposed on the card blank. For example, an embodiment of the mask 140 may include a layer having a similar structure by which a tamper-resistant pattern appears within the mask's component 145 to provide a tamper-resistant mask that conceals the encryption key engraved on the card blank 105. In some embodiments, such as by a multi-component mask having a top component that is revealed when the pattern is lifted, the mask 140 may include two tamper-resistant features and include a window to a bottom component having a scraping surface by which a hidden encryption key may be revealed, and the top component may surround the bottom component with some overlap (e.g., a first portion of the top component overlaps the bottom component, such as around the window, and a second portion is adhered to the card blank 105). In some embodiments, the screen 140 includes a component 145 having a scratch surface layer through which a hidden encryption key may be revealed. For example, the assembly 145 can include multiple layers, such as an adhesive layer, a base layer, and a scratch layer or material disposed on the base layer. In some cases, the adhesive and the bottom layer may be transparent such that removal of the scratch-off material reveals the information hidden under the screen 140. In some embodiments, the assembly 145 of the screen includes a destructive tamper-proof feature in addition to scraping the top layer to prevent the revealing of hidden information by scraping away material. For example, one or more layers of the assembly 145 of the screen 140 may be perforated or cut to promote tearing when lifted.

As described above, in some embodiments, the tamper resistant patch 120 includes at least two physical components, one of which is partially concealed by the other. The top, exposed component 121 may include an optical code (e.g., QR code) portion 123. In some embodiments, the optical code portion 123 includes an optical code printed within the portion that encodes an address corresponding to a public key of a public-private key pair of an asymmetric encryption algorithm. In some embodiments, the optical code printed within the portion may encode the public key (e.g., instead of or in addition to the corresponding address). In either case, printing within the optical code portion 123 may occur on a component 121 of the patch 120, such as a top component visible to a user. In some embodiments, the exposed top component 121 of the patch 120 may include an alphanumeric portion 129. The alphanumeric portion 123 may include information printed thereon that corresponds to information encoded by the optical code within the optical code portion 123. For example, the QR code printed within the optical code portion 123 may be an encoded version of the alphanumeric string printed within the alphanumeric portion 129. In some embodiments, both may be addresses corresponding to public keys in a public-private key pair. Alternatively, in some embodiments, optical code portion 129 may be an encoded public key and alphanumeric portion 123 is a plaintext form of address, or optical code portion 129 may be an encoded address and alphanumeric portion 123 is a plaintext form of public key.

The top exposed component 121 may also include a unique identifier portion 107B. The unique identifier for the top component of the patch 120 may be printed within the unique identifier portion 107B. The top exposed component may also include a window portion 127A through which a portion of the bottom component 130 of the multi-component patch 120 may be seen, while other information corresponding to one or more other portions of the bottom component of the patch 120 remains hidden. The unique identifier may correspond to a serial number within the name space of the physical currency card issuer so that the card issuer can ensure a match of components of the multi-component patch 120 having different information on different components and a match with the blank 105 having different information etched thereon. For example, the unique identifier 107A may be etched on the card blank 105, printed 107B on the top component 121, and printed 107C on the bottom component 130, within the portion visible from the window portion 127A of the top component. Thus, for a completed card 101, the set of top components 121 may include visible public access information, while bottom component 130 may include hidden private access information, the combination of which, when matched to a unique identifier, may be used to receive and access a digitally anonymous asset for an account based on the private access information of bottom component 130 (it is evident that the digitally anonymous asset is compromised via an embodiment that removes top component 121 including one or more tamper-resistant features). In some embodiments, as an additional layer of security, the set may include information about card 101, in addition to the components, for example, by card blank 105 having an encryption key or passphrase etched thereon, which may be used to obtain plaintext private access information from ciphertext private access information on bottom component 130, and which may be matched with the corresponding component by a unique identifier.

In some embodiments, the window portion 127A of the top exposed layer is aligned with the unique identifier portion 130 of the lower layer of the patch 120 such that the unique identifier is visible within the window. In the assembly of the patch 120, the top exposed layer substrate 121 may be aligned with the underlying layer and the information printed on the top exposed layer matches the information printed on the underlying layer based on the unique identifier printed within the unique identifier portion 130 of the underlying layer. Thus, for example, the unique identifier printed on the lower layer may correspond to the unique identifier printed on the exposed layer on top of the patch 120, which correspondence may be visually verified by the user through matching of the printed unique IDs via window 127A. Next, the patch 120 may be applied to the card blank 105, and the card blank 105 may be etched with a unique identifier to indicate that the information etched on the card blank 105 corresponds to the information printed on both layers of the patch 120.

As described above, the QR code printed within optical code portion 123 may be an encoded version of the alphanumeric string printed within alphanumeric portion 129, e.g., both may be addresses corresponding to a public key, or in some cases, may be a public key. In some embodiments, the address may be generated using a public key of a public-private key pair. In some embodiments, the card issuer may generate, by the server, a plurality of addresses for different decentralized computing platforms based on the public key, such as a set of addresses corresponding to a set of decentralized computing platforms, corresponding to which the corresponding addresses are available to receive the digitally anonymous assets associated with the respective decentralized computing platforms. In some embodiments, for example within the optical code portion 123 of the component 121 of the patch, one address may be printed on the patch 120 and a server (e.g., of a card issuer) may be queried by the QR code-based optically read information so that other public key-based addresses or public keys may be retrieved (e.g., without accessing private access information hidden by the component 121). In some embodiments, one or more addresses are printed on component 121. In some embodiments, the public key is printed on component 121. In some embodiments, the public key is printed on component 121 along with the address. In some embodiments, the public key is etched on the card, for example under a mask such as mask 140, so that if component 121 is discarded, the user can retrieve the public key if necessary. Further, in some embodiments, private access information such as an encoded private key or private key may be encapsulated (e.g., enveloped, covered, hidden, encompassed, or otherwise hidden) by component 121. For example, in various embodiments, private access information may be included on a portion of the bottom component 130 of the multi-component patch 120 that is hidden by the top component 121 of the upper portion of the patch that includes public access information. However, in some embodiments, private access information (e.g., private access information included on bottom component 130 hidden by top component 121) may alternatively be engraved on a portion of card blank 105 and hidden by one or more components of patch 120 (e.g., at least one component 121 having tamper-resistant features). In some embodiments, the card blank 105 is engraved with private access information (e.g., by an optical code or by alphanumeric text) that is repeated with the base component 130, which in some embodiments may provide a means to obtain the private access information in the event that the patch base component is damaged (e.g., due to wear, moisture, fire, or other environmental exposure). Other non-invasive methods of the components of the patch to prevent scanning or otherwise determining private access information printed on the components of the patch 120 (e.g., on the bottom component 130) may also mitigate attempts to determine engravings or etchings in the card blank 105 having a depth below a threshold. Alternatively, in some embodiments, the engraving or etching may be filled with a material of similar density, reflectivity, or both, such that scanning or other non-invasive methods are unable to determine the information disposed on the card blank 105 (similar precautions may also be other information for disposing on the card blank, such as information engraved or etched under the mask 140).

As described above, for example, an address within portion 123 or portion 129 of card 101 may be used within the decentralized computing platform to receive a transfer of a digital anonymous asset of the decentralized computing platform, such as a transfer resulting from a user of the decentralized computing platform submitting a transaction on a corresponding platform. An example transaction, such as from an address generated by a user based on a public key for which the user also holds a corresponding private key, may transfer an asset, such as funds, to a specified address (e.g., an address corresponding to card 101). In some embodiments, an address is generated for a given decentralized computing platform based on a public key of a public-private key pair according to an address protocol (or format) specified by the given decentralized computing platform. For example: the private (private) key and corresponding public key of a given key pair may, for example, generate the address of a given platform (e.g., the bitcoin blockchain in the following example) by: obtaining a corresponding public key (e.g., 33 bytes, 1 byte 0X02 (even in v-coordinate), 32 bytes corresponding to X-coordinate) generated with a key, hashing the public key (e.g., SHA256 cryptographic hash function), hashing the result of SHA-256 (e.g., truncated by ripemm-160 cryptographic hash function), adding a version byte (e.g., 0X00 represents a bitcoin on a bitcoin blockchain, or other version byte, as some blockchains may support different versions of digitally anonymous assets or variations of different addresses) in front of the ripemm-160 hash, hashing the result of the now extended truncated hash (e.g., SHA-256 hash), hashing the result (e.g., subsequent SHA-256 hashes), obtaining a first X (e.g., 4) byte checksum of the second hash result, and adding 4 checksum bytes at the end of the previously extended ripemm-160 hash to generate an address (e.g., a 25-byte binary bitcoin address). In some embodiments, a25 byte binary address may be converted to a string of bytes, such as a Base58 byte string, by Base58Check encoding to produce an alphanumeric bitcoin address. Here, specific examples of version 1 Bitcoin addresses are outlined in "Technical background of version 1 Bitcoin addresses", which was obtained at the filing date of the present application and is incorporated herein by reference from https: it/wiki/Technical backsground of version 1 bitchoice addresses, copies of which are included in the information disclosure statement filed with the application.

Other platforms may use similar steps but in a different order, different version bytes or other variations such as hash order, truncation, etc., but may similarly be determined based on the public key of a given platform's key pair. For example, some decentralized computing platforms may have different address protocols with different checksums, different truncations (e.g., first or last value), different prefixes, different one-way hash functions, and so on. In some embodiments, generating the set of addresses by the publisher's server or computing system comprises: forming one or more addresses based on the public key by deterministically generating one or more first addresses in the set of addresses based on a Keccak-256 hash, the Keccak-256 hash based on a public encryption key; a second address of the set of addresses based on a RIA-256 hashed RIPEMD-160 hash, the SHA-256 hash being based on the public encryption key, the second address also being based on a checksum, the checksum being based on the RIPEMD-160 hash, and the second address having a Base58 encoding based on the first dictionary; and a third address in the set of addresses having a Base58 encoding and a checksum, the Base58 encoding and checksum both based on the common encryption key, the Base58 encoding of the third address based on a second dictionary different from the first dictionary.

The card issuer's server may store a set of one or more addresses that correspond to given public keys of issued cards of different platforms, such that a user owning an issued card may query the service to retrieve addresses of multiple platforms to transfer assets to corresponding addresses based on the public keys (and later access these digitally anonymous assets, e.g., the transfer of the original held digitally anonymous asset, by accessing the card's private access information to obtain corresponding private keys).

In some embodiments, when a user wishes to access those digital assets, the user can access private access information hidden by the component 121 by lifting 125 and peeling the component 121. The stripping component 121 exposes information hidden thereunder, such as private access information corresponding to public access information printed on the component 121 (e.g., within the optical code portion 123 or alphanumeric portion 129 or another address from a set of addresses generated based on a public key). For example, private access information may be printed on the bottom component 130 and visible once the top component 121 is removed. In some embodiments, the user may also strip, scratch, or otherwise interact with the mask 140 to reveal an encryption key by which the ciphertext private access information may be decrypted to obtain plaintext private access information, such as a private key. The user experience is greatly simplified compared to the previous implementations, with the components 121 of the patch being physically peeled (or peeled) to reveal the secret. Also, with the disclosed embodiment of the tamper-resistant feature of assembly 121, the loss of privacy is physically apparent by visual inspection with the naked eye. Furthermore, the user does not need to remember a set of key recovery pass phrases, such as passwords that are often used electronically.

FIG. 1B illustrates an example 100B of a physical currency card configured to manage account access information for digital anonymous assets, in accordance with various embodiments. Embodiments of the example 100B of a physical currency card may include a different configuration of window 127B and screen 140 than the example in FIG. 1A. Various examples may be combined, such as the mask described with reference to fig. 1B in combination with the window described with reference to fig. 1A, and vice versa.

As shown in fig. 1B, the example window 127B is a cut-out portion of the component 121 that extends to an edge of the component 121 of the patch 120. In other words, in contrast to the example window 127A shown in FIG. 1A, the example window 127B of FIG. 1B is not completely surrounded by the component 121. Thus, bottom component 130 may have an edge or perimeter portion that is not overlapped by top component 121, while top component 121 extends over another edge or perimeter portion. Other example window configurations may also be used, or in some cases, bottom component 130 may extend beyond the boundaries of top component 121, e.g., a label, which may correspond to unique identifier portion 107C on which unique identifier portion 107C the unique identifier is printed and visible when inspecting card 101.

Also shown in fig. 1B, the example screen 140 includes a first portion 140A and a second portion 140B. In some embodiments, the first portion 140A corresponds to a verification code (e.g., a first portion of an underlying encryption key or passphrase) by which the card 101 can be verified without revealing the second portion 140B (e.g., the remainder of the underlying encryption key or passphrase). In some embodiments, the components 145 of the shroud 140 are marked to indicate different portions. For example, the component 145 may be visibly perforated and optionally include printed information indicating that the first portion 140A may be removed to reveal the captcha portion of the encryption key without removing the second portion 140B to reveal the remaining second portion of the encryption key. In another example, the scratch-off surface of the component may be printed to indicate the different portions and include printed information indicating that the material corresponding to the first portion 140A may be scratched off to reveal the passcode, but the second portion 140B need not be scratched off before the user desires to obtain private access information.

FIG. 2 illustrates an example 200 of a currency card including a captcha component that encrypts a passphrase and a corresponding tamper-resistant mask, in accordance with some embodiments. In contrast to the example of fig. 1B (or fig. 1A), fig. 2 illustrates the removal of a portion of the screen 140.

The components 145 of the screen 140 may be tamper-resistant such that removal of a portion 140A of the screen (whether by lifting or scraping the surface of the component) is evident upon visual inspection. As shown, a first portion 140A of the mask has been removed to reveal the hidden information, while a second portion 140B of the mask remains intact. As described above, the first portion 140A of the mask has been removed by a variety of methods, such as by scratching the surface of the component 145 corresponding to the first portion 140A to reveal the information thereunder, by lifting the component 145 (or one or more layers thereof) from the surface of the card blank 105 corresponding to the first portion 140A to reveal the information thereunder (in which case a pattern or residue or tear in that portion of the component may be evident), or by other means: when a portion of the underlying information 247 is revealed, the tamper-resistant feature of the component 145 corresponding to the first portion 140A is activated. The underlying information portion 247 hidden by the first portion 140A of the mask may be a verification code that can be used to verify the authenticity of the currency card 101. For example, the verification code may be a corresponding first portion of an encryption key or passphrase by which private access information in the form of ciphertext hidden by component 121 of patch 120 may be decrypted to obtain private access information in the form of plaintext. Alternatively, the passcode may be separate from an encryption key or passphrase (e.g., first portion 140A hides a passcode that does not correspond to the first portion of the encryption key or passphrase), such as an encryption hash (e.g., truncated to a desired number of characters) based on information corresponding to the card (e.g., a unique identifier, an optical code, or other visible information) or a PIN that can verify the card 101).

In some embodiments, the issuer of the physical currency card maintains a database that associates unique identifiers of the components (e.g., 121, 130) of the patch 120 and the engraved card blank with the validation code. In some embodiments, the entry may be a hash, such as a cryptographic hash, for example, a SHA-256 hash of the unique identifier concatenated with the passcode, or may be other information that maintains a correspondence between the unique identifier and the passcode. In some embodiments, an issuer of the physical currency card may issue an algorithm by which the issued physical currency card may be verified with a verification code. Next, for example, the user may use the application to authenticate the physical currency card by entering a verification code and other information, such as the card's unique identifier and public access information (e.g., a public key, an address encoded by an optical code printed within the optical code portion 123, or alphanumeric text printed within the alphanumeric text portion 129 of the patch's assembly 121 that includes the public access information). In some embodiments, the application may submit a request to a server, such as a server of a card issuer or a decentralized computing platform, to authenticate the card, such as by requesting execution of a specified smart contract on the decentralized computing platform. An example smart contract may be a portion of executable code, such as a script. A compute node of the decentralized computing platform at which the script resides (e.g., an immutable data store immutable within a block of a blockchain or the like) may access the script at a specified address, such as a cryptographic hash address, and execute the script in response to a request (e.g., a request specifying an address and including input information, such as a passcode and a unique identifier) and return a result. In some embodiments, the node is a peer node of a decentralized computing platform and stores in memory at least a portion of a distributed ledger that records transactions in which a digitally anonymous asset, such as an encrypted token, has been transferred to an account on the decentralized computing platform corresponding to a public key of a public-private encryption key pair, wherein the decentralized computing platform is operable to transfer an encrypted business pass out of the account in response to proving possession of a party having a private encryption key. The distributed ledger may also store other information through functions or transactions (e.g., sstore, sload, etc.), such as information that may be used to verify cards based on key-value pairs. In some embodiments, the results are returned by publishing the results to an immutable data store of the decentralized computing platform, such as a transaction. In some cases, the user may pay gas (e.g., a processing fee) for the process of authenticating the physical currency card, thereby minimizing reliance on the card issuer for authentication after purchase. In some embodiments, the card issuer may issue the verification result or verification information to the immutable data store so that the user can be verified by either method.

In some embodiments, the underlying information 247 hidden by the mask 140 is an encryption key, such as a symmetric encryption key, that may be used to decrypt at least some of the information of the patch 120. For example, the bottom component 130 of the patch 120 or the bottom component 130 engraved in the card blank hidden by the at least one component 121 of the patch may include ciphertext corresponding to the private key, which may be used for decryption to obtain the plaintext of the private key. In some embodiments, a subset of the encryption key is used as the authentication code, e.g., the first 4 values of the encryption key, which may have 12-24 values. In some embodiments, the first 4 values of the encryption key may also deterministically verify at least some hidden information on the card, such that if the user chooses, they may verify the card 101 to the issuer and also deterministically verify a portion of the hidden information by displaying that portion (optionally without revealing all of the hidden information, although the user may choose to deterministically fully verify each aspect of the card by obtaining the plaintext of the private key, computing the public key, and computing the set of addresses). Here, for such use cases, the user can still ensure that they are the only entity possessing private access information through the tamper-resistant functionality.

As noted above, the component 145 of the screen 140 may be tamper-resistant, for example, by one or more tamper-resistant means disclosed herein, such as a layer or layers having one or more tamper-resistant features, such as a layer that adhesively adheres the layer to the card blank 105 in a back-adhered manner, which reveals a pattern, scrapes off a surface layer, etc., when the layer is lifted. Thus, for example, prior user authentication of the card by the authentication portion of the hidden information 247 may be made apparent by removing the portion 140A of the hidden authentication code information of the mask.

In some embodiments, the user may also use one or other authentication measures, such as by checking product-associated features of physical card 101. For example, the component 121 may have a top layer of material on or within which a scent (which may be promoted via scratching at the surface) is embedded. The user may gently scrape the surface of the assembly 121 and detect odors to verify authenticity. In another example, a user may inspect one or more foil markers, holograms, or other image or embedded material in assembly 121.

Fig. 3A illustrates an example 300A of a currency card including a tamper resistant top assembly 121 of a multi-component patch 120 according to some embodiments. In contrast to the example of fig. 2 (or fig. 1A or 1B), fig. 3A shows a lifted 325 portion of the tamper-evident assembly 121.

As shown, a residue, such as an adhesive layer or tamper-resistant pattern 321 with a layer of applied adhesive, may remain adhered to the surface of blank 105 when the corresponding portion of tamper-resistant assembly 121 adhered to the surface of blank 105 is lifted 325. For example, tamper-resistant pattern 321 evident on the surface of the card may be a corresponding portion of a pattern formed in an adhesive or underlying layer of component 121, which component 121 is configured to remain adhered to the surface of the card. Examples may include a residual adhesive or a residual adhesive pattern layer that is evident upon visual inspection, which residual adhesive may form a pattern.

Further, tamper-resistant pattern 323 may be evident in component 121, such as a corresponding portion of a pattern formed in an adhesive layer or underlying layer of component 121, which component 121 is configured to remain adhered to component 121 (e.g., retained by component 121) when component 121 is lifted 325 from the surface of card blank 105. Thus, in some embodiments, the tamper-resistant pattern 323 visible on the component 121 may be opposite the tamper-resistant pattern 321 visible on the surface of the card blank 121. For example, if the pattern is a hexagonal honeycomb pattern, the residual pattern 321 may be a plurality of hexagons and the retained pattern 323 may be a plurality of boundaries around the hexagons, or vice versa. Alternatively, for a checkerboard-like square pattern, the residual pattern 321 may be a plurality of offset squares (e.g., corresponding to red squares of a checkerboard if black squares are removed), and the retained pattern 323 may be a plurality of oppositely offset squares (e.g., corresponding to removed black squares of a checkerboard). Other patterns or designs, whether randomly generated or having a particular structure, or subject to tearing, are equally suitable; the tamper-proof aspect results from a first portion that remains on the surface of blank 105 as residue 321 and an opposing second portion that is retained 323 by assembly 121 when lifted. In some embodiments, the residual portion 321 of the pattern may be deformed on the surface of the card blank 105, or the retained portion 323 of the pattern may be deformed on the lifted portion of the assembly 121 due to the lifting 325 of the assembly 121. In some embodiments, the color plates disposed in the surface of the card blank 105 facilitate the physical peeling of the portion of the tamper-resistant pattern 321 remaining on the surface of the card blank from the assembly 121.

As described above, the components 121 of the patch 120 may encapsulate (e.g., enclose, cover, conceal, enclose, or otherwise hide) at least some of the private access information, whether or not the private access information is disposed on a surface of the card blank 105, on the bottom component 130 of the multi-component patch, or both. Thus, the tamper-resistant features of component 121, such as the adhesive, layer of adhesive, or the bifurcation of a layer adhered to the surface of the card blank, cause some portions of component 121 to be physically peeled away (e.g., and remain on the surface of card blank 105) while another portion is physically retained by component 121, visibly revealing evidence of tampering on both the surface of card blank 105 and component 121. Furthermore, because some parts of component 121 are physically removed, a malicious party cannot restore component 121 to its original appearance. As a result, the user may visually inspect card 101 to determine whether private access information has been previously accessed.

Fig. 3B illustrates an example 300B of a currency card 101 showing the tamper-resistant effect after removing the tamper-resistant top component of the multi-component patch 120 to expose the bottom component 130 of the multi-component patch, according to some embodiments. In contrast to the example of fig. 3A (or fig. 1A, 1B, or 2), fig. 3B shows the physical currency card 101 after removing the tamper-resistant component (e.g., component 121 in fig. 3A) that hides the private access information.

As shown, a residue, such as an adhesive layer or tamper-resistant pattern 321 with a layer of applied adhesive, may remain adhered to the surface of card blank 105 when a tamper-resistant component (e.g., component 121 in fig. 3A) previously adhered to the surface of the card blank has been removed. For example, tamper-resistant pattern 321 evident on the surface of the card may correspond to an area on the surface of card blank 105 to which a tamper-resistant component is adhered, the pattern corresponding to a portion of a pattern formed in an adhesive layer or lower layer of the component and configured to remain adhered to the surface of the card. Examples may include a residual adhesive or a residual adhesive pattern layer that is evident upon visual inspection, which residual adhesive may form a pattern.

As described above, the tamper-resistant component (e.g., component 121 in fig. 3A) may encapsulate (e.g., enclose, cover, conceal, enclose, or otherwise hide) at least some of the private access information, whether or not the private access information is disposed on a surface of the card blank 105, on the bottom component 130 of the multi-component patch, or both. Here, the bottom component 130 of the multi-component patch is shown. In some embodiments, some or all of the information printed on the base assembly 130 may be provided on a surface of the card blank 105, for example, in an area corresponding to the illustrated base assembly 130. Some embodiments may include information in addition to bottom component 130 or in place of bottom component 130 (e.g., such that if bottom component 130 is damaged or unreadable, the digitally anonymous asset transferred to the address associated with card 101 may be accessed using private access information disposed in the surface of card blank 105.

As shown, the bottom component 130 of the multi-component patch is revealed when the top component of the multi-component patch is removed from the card 101. As with the top component, the bottom component 130 may be a patch 330. In some embodiments, the bottom component 130 is formed as a patch 330 and applied to the surface of the card blank 105 (e.g., within the center of the color plate or within a designated area having the color plate) prior to positioning the top component. A top component (e.g., component 121 in fig. 3A) having tamper-resistant features may also be formed as a patch (e.g., patch 120 in fig. 3A) that is positioned over patch 330 and applied such that it hides at least some information on patch 330 and also adheres to at least some portions of the surface of card blank 105 (e.g., the area surrounding or at least partially surrounding patch 330). Next, when the tamper-resistant top assembly is removed, the tamper-resistant pattern 321 in the area surrounding the assembly is revealed when the top assembly is removed. Thus, for example, the bottom component 130 may be a patch 330 and the top component may also be a patch, which are formed separately and applied in sequence to form a multi-component patch. In some embodiments, the bottom component 130 may be a patch 330 and the top component may also be a patch, which are separately formed and combined to form a single multi-component patch prior to applying it to the surface of the card. In some embodiments, the bottom component 130 may be formed and the top component formed over the bottom component to form a single multi-component patch prior to its application to the surface of the card. Regardless of the specific process, the bottom component 130 may include private access information that is hidden by the top component.

In some embodiments, the bottom component 130 has at least a portion of the other information visible, while the top component is positioned to hide the private access information. In some embodiments, the bottom component 130 has a material top layer or coating to which the adhesive of the top component adheres less strongly than the surrounding portions of the currency card (e.g., the surface of the card, which may include a color plate). In some embodiments, the top assembly includes a different adhesive corresponding to the surrounding portion rather than the central concealed portion. In some embodiments, the bottom component 130 has a coating applied, such as a UV protective coating or sealant, which may be a film layer or other coating, such that the top component adheres less strongly to its surface than the surrounding area within which the tamper-resistant pattern 321 is promoted and the adhesive strength is less than the threshold adhesive strength sufficient to promote tamper-resistance such that removal of the top component after removal does not significantly obscure the private access information. In some embodiments, the bottom assembly 130 causes tamper-resistance to occur in the corresponding lifted portion of the top assembly, but there is no substantial residue (or ease of removal) on the bottom assembly. For example, removal of the top component may cause residue (or a portion of the adhesive layer) to remain on the portion of the card surrounding the bottom component 130, but not on the bottom component itself, but may adhere within a threshold strength sufficient to cause distortion of the pattern in the lifted top component.

In some embodiments, the top assembly includes two different adhesives, with a center adhesive corresponding to an area of the bottom assembly 130 being different from a perimeter adhesive corresponding to a perimeter portion of the currency card. In some embodiments, the tamper-resistant pattern is facilitated (e.g., applied) not in a central region of the adhesive layer or layer adjacent to the adhesive but in a peripheral region corresponding to a peripheral portion of the currency card. In some embodiments, the top assembly comprises: a first film layer adjacent to the adhesive and corresponding to the central region but not the peripheral region; and a subsequent layer overlapping the first layer and having a size corresponding to the surrounding area; a second layer having tamper-resistant features such that the tamper-resistant pattern 321 is facilitated in the surrounding area, but the first layer corresponding to the area of the bottom component 130 can be removed (either with or after the top component) without leaving a residue. In some embodiments, the first layer has a scratch-off coating by which privately accessed information can be revealed, or in some embodiments, the first layer can be a top layer of the bottom component.

In some embodiments, removal of the top component leaves a gap 350 between the bottom component 130 and the surrounding tamper resistant portion 321. In some embodiments, the tamper resistant portion 321 corresponds to a color plate etch on the currency card that may have a corresponding gap 350 between an outer color plate that facilitates adhesion of the top component and an inner color plate that facilitates adhesion of the bottom component 130.

As shown, the privately-accessed information disposed on the bottom component 130 (or information disposed in a corresponding area of the surface of the card blank) is substantially hidden by the top component (e.g., except for a window or cutout corresponding to the unique identifier portion 107C of the bottom) and revealed upon removal of the top component. In some embodiments, the information hidden by the top-level component includes private access information. For example, as shown, the hidden portion of the bottom component 130 can include another optical code portion 333 and an alphanumeric portion 337, which can correspond to a private key through which an account number based on a corresponding public key of a public-private key pair can be accessed. For example, an optical code disposed within optical code portion 333, such as a QR code, may encode a private key that may be copied in alphanumeric text within alphanumeric text portion 337. Alternatively, to improve security (e.g., by forcing a malicious party to access additional information hidden by the tamper-resistant component 145 of the shroud 140, and other purposes discussed in more detail with reference to fig. 7), the optical code and alphanumeric text, rather than directly corresponding to the private key, may correspond to the ciphertext of the private key, the plaintext of which is the private key of the key pair through which the associated account may be accessed. To produce the ciphertext, the plaintext of the private key may be encrypted by a symmetric encryption protocol using information 247 (e.g., an encryption key, such as a passphrase) that is hidden by at least portion 140B of the mask 140 (and optional portion 140A if the passcode is the first portion of the encryption key). In some embodiments, the encryption key may be used to decrypt ciphertext through a corresponding symmetric decryption protocol to reveal the plaintext of the private key of the key pair. Thus, in some example embodiments, the user must remove the tamper resistant top component to reveal the ciphertext and remove or scrape the masker 140 to reveal the encryption key in order to determine the plaintext of the private key.

Fig. 4 illustrates an example 400 of a currency card including an exposed bottom component of a multi-component patch and an encrypted passphrase, in accordance with some embodiments. In contrast to the example of fig. 3B (or fig. 1A, 1B, 2, or 3A), fig. 4 shows the physical currency card 101 after removing the tamper-resistant component (e.g., component 121 in fig. 3A) that hides the private access information in the form of ciphertext and removing (e.g., by stripping or scraping off the surface) the mask (e.g., component 145 in fig. 3B) that hides the encryption key (e.g., passphrase) by which the private access information in the form of plaintext can be obtained from the ciphertext.

As shown, the information hidden by the mask may be an encryption key 444 of a symmetric encryption protocol, the encryption key 444 being used to encrypt private access information (e.g., a private key) of a key pair to produce a ciphertext printed within the alphanumeric ciphertext portion 337 of the bottom component 130. An optical code, such as a QR code, may be an encoding of the ciphertext printed within the optical code portion 333 of the base component. Example symmetric encryption protocols include, but are not limited to, AES-128, AES-192, AES-256, and the like. In some embodiments, a protocol corresponding to a decentralized computing platform is used. For example, a bitcoin improvement protocol (e.g., BIP38) or other protocol may specify one or more protocols by which a private key may be protected with an encryption key or passphrase. In some embodiments, the encryption function of a protocol takes as input a plaintext private key (e.g., of a given format) and an encryption key or passphrase (e.g., of a given format) by which ciphertext of the private key is generated (or protected by the protocol) and corresponds (e.g., uniquely) to ciphertext in a given protocol. In some embodiments, a portion of the encryption key or passphrase may be a checksum, such as a passcode, by which a user may verify the ciphertext. The decryption function of the protocol may take as input a ciphertext private key (e.g., of a given format) and a corresponding encryption key or passphrase, which may be entered by scanning an optical code and typing or optical character recognition or separating the optical code of the encryption key or passphrase. Next, the decryption function of the protocol outputs a clear text private key that supports the account corresponding to the currency card.

Fig. 5A, 5B, and 5C illustrate example sequences of forming multi-component patches and currency cards according to various embodiments described herein.

Fig. 5A illustrates the alignment of a top component 520 and a bottom component 530 of a multi-component patch in accordance with at least some embodiments. The bottom component 530 includes a first information portion that is encapsulated (e.g., enveloped, covered, hidden, surrounded, or otherwise hidden) by the top component 520. The bottom component 530 includes a second information portion that is visible through the window of the top component 520. Thus, for example, the bottom component 530 and the top component 520 can be aligned to create a multi-component patch. In some embodiments, as a result of the alignment, the bottom component 530 includes a portion that is hidden by the top component 520 (e.g., a portion that includes private access information) and another portion that is visible when the top component 502 is aligned (e.g., a portion that includes a unique identifier or other non-hidden information disposed on the bottom component). For example, the top components 520 may be placed (or formed) in a position above (e.g., over) the bottom components 530 on the roll of patches, or they may be individually applied to the currency cards (e.g., the bottom components 530, then the top components 520) in sequence.

Fig. 5B illustrates a multi-component patch 505 in accordance with at least some embodiments. As shown, the window portion of the top component of the multi-layer patch 505 exposes the second information portion of the bottom component. The second information may be unique identifiers printed on the top and bottom components of the multi-layer patch for inspection. For example, the user may check the unique identifier to verify a match between the top component and the bottom component.

FIG. 5C illustrates a multi-component patch 505 applied to a currency card 510 in accordance with at least some embodiments. In some embodiments, the portion of the currency card 510 to which the patch 505 is applied includes a color plate to facilitate adhesion. In some embodiments, the currency card 510 includes a unique identifier disposed thereon that corresponds to the unique identifier of the patch 505. For example, the unique identifier may be visible on the bottom component of the patch via the window of the top component, and the top component may also include the unique identifier. Thus, the matching of the components of the patch 505 to the card 510 ensures that the information printed on the different components of the patch 505 and the information provided on the card 510 (e.g., under the mask 540) are interoperable.

Fig. 6A and 6B illustrate examples of a multi-component patch 120 according to some embodiments. In each of fig. 6A and 6B, a cut is shown through the multi-component patch 120 to illustrate example configurations of different components.

Fig. 6A shows an exemplary multi-component patch 120 having a top component 121 and a bottom component 130. As shown, along the cut-out, the top assembly 121 includes an optical code portion 123, a unique identifier portion 107B, and a window 127A. Within the window 127A, a portion of the bottom member 130 is visible. The visible portion may correspond to the unique identifier portion 107C of the base component 130 such that the multi-component patch 120 may be visually inspected to determine whether the

different components

121, 130 having different information printed thereon in the optical code portion correspond to one another.

As shown, the base component 130 may correspond to the first layer L1 of the multi-component patch 120. On the base assembly 130, information may be printed thereon, such as the first printed information P1. The first printed information may include an optical code portion 333 and a unique identifier portion 107C along the cut. Private access information, such as a private key of a public-private key pair or ciphertext thereof, may be encoded as an optical code printed within the optical code portion 333 of the base component. Similarly, the unique identifier can be printed within the unique identifier portion 107C, and the unique identifier portion 107C can correspond to an area of the bottom component that is aligned with the window 127A of the top component 121.

As shown, the top component 121 may correspond to the second layer L2 of the multi-component patch 120. On top assembly 121, information may be printed thereon, such as second printed information P2. The second printed information may include an optical code portion 123 and a unique identifier portion 107B along the cut. Public access information, such as a public key (which corresponds to the private key described above) or a public key-based address and in a decentralized computing platform format, may be encoded as an optical code printed within the optical code portion 123 of the top component. Similarly, the unique identifier may be printed within the unique identifier portion 107B. Within top assembly 121, a window 127A may be formed, for example, by removing the region from the top assembly (e.g., stamping or cutting away the portion). As shown, the window 127A is aligned with the region of the bottom component 130 in which the unique identifier is printed (e.g., the unique identifier portion 107C) such that the unique identifier is visible through the window 127A in the multi-component patch 120. Notably, at least some other information, such as private access information printed on the bottom component 130, is encapsulated (e.g., enveloped, covered, hidden, encompassed, or otherwise hidden) by the top component 121. Thus, as shown, the top component 121 may have edges that extend beyond the edges of the bottom component 130 in at least three directions (four directions are shown in the illustrated embodiment), but when the top component 121 is so configured and positioned to form a multi-component patch 120 with the bottom component 130, at least some of the information printed on the bottom component 130 remains visible, such as the unique identifier. In other words, the top assembly 121 may extend beyond at least a portion of the perimeter of the bottom assembly, such as along 60-90% of the perimeter of the bottom assembly 130, to conceal at least some information disposed on the top assembly and to ensure that a user must lift the top assembly 121 to determine some or all of the concealed information disposed on the bottom assembly 130. Thus, for example, although rectangular components are shown, other shapes may be used and the components may have different shapes (e.g., a first may be circular and the other rectangular).

Fig. 6B shows an example multi-component patch 120 having a top component 121 and a bottom component 130. As shown, along the cut-out, the top assembly 121 includes an optical code portion 123, a unique identifier portion 107B, and a window 127B. Within the window 127B, a portion of the bottom member 130 is visible. The visible portion may correspond to the unique identifier portion 107C of the base component 130 such that the multi-component patch 120 may be visually inspected to determine whether the

different components

As shown, the base component 130 may correspond to the first layer L1 of the multi-component patch 120. On the base assembly 130, information may be printed thereon, such as the first printed information P1. The first printed information may include an optical code portion 333 and a unique identifier portion 107C along the cut. Private access information, such as a private key of a public-private key pair or ciphertext thereof, may be encoded as an optical code printed within the optical code portion 333 of the base component. Similarly, the unique identifier can be printed within the unique identifier portion 107C, and the unique identifier portion 107C can correspond to an area of the bottom component that is aligned with the window 127B of the top component 121.

As shown, the top component 121 may correspond to the first layer L1 of the multi-component patch 120. On top assembly 121, information may be printed thereon, such as second printed information P2. The second printed information may include an optical code portion 123 and a unique identifier portion 107B along the cut. Public access information, such as a public key (which corresponds to the private key described above) or a public key-based address and in a decentralized computing platform format, may be encoded as an optical code printed within the optical code portion 123 of the top component. Similarly, the unique identifier may be printed within the unique identifier portion 107B. Within top assembly 121, window 127B may be formed, for example, by removing the region from the top assembly (e.g., stamping or cutting away the portion). As shown, the window 127B is aligned with the region of the base component 130 in which the unique identifier is printed (e.g., the unique identifier portion 107C) such that the unique identifier is visible through the window 127B in the multi-component patch 120. Notably, at least some of the other information, such as private access information printed on the bottom component 130, is hidden by the top component 121. Thus, as shown, the top component 121 may have edges that extend beyond the edges of the bottom component 130 in at least three directions (four directions are shown in the illustrated embodiment, but with portions of the edges of the bottom component 130 exposed within the window 127B), but when the top component 121 is so configured and positioned to form the multi-component patch 120 with the bottom component 130, at least some of the information printed on the bottom component 130 remains visible, such as the unique identifier. In other words, the top assembly 121 may extend beyond at least a portion of the perimeter of the bottom assembly, such as along 60-90% of the perimeter of the bottom assembly 130, to conceal at least some information disposed on the top assembly and to ensure that a user must lift the top assembly 121 to determine some or all of the concealed information disposed on the bottom assembly 130. Thus, for example, although rectangular components are shown, other shapes may be used and the components may have different shapes (e.g., a first may be circular and the other rectangular).

Further, it can be seen that the top component 121 is disposed (or positioned) above the bottom component 130 (e.g., perpendicular to the surface of the application below layer L1) so as to overlap and hide some of the information 333 disposed on the bottom component 130, while some of the other information 107C remains visible. In other words, the top component 121 can encapsulate (e.g., envelope, cover, hide, enclose, or otherwise hide) the information 333 printed on the bottom component 130. Notably, since top component 121 extends beyond the perimeter of bottom component 130 along at least some portions, over does not necessarily mean physically over, since those portions of top component 121 that extend beyond the perimeter of bottom component 130 need not be physically over a layer or layers of bottom component 121 (e.g., in areas other than the area where top component 121 overlaps bottom component 130). Thus, as referred to herein, over may refer to an order of application or positional order of some portions of a layer, but need not apply to all portions of a layer, e.g., layer L2 is physically located over layer L1, where layer L2 overlaps layer L1, and layer L2 is disposed over layer L1, but an existing portion of layer L2 that extends beyond the perimeter of layer L1 need not be physically located over layer L1. For example, an existing portion of layer L2 that extends beyond the perimeter of layer L1 may be adhered to have a surface that is the same height as that corresponding to layer L1 (although not required, as, for example, the surface region corresponding to layer L1 may be countersunk relative to the surface region corresponding to the existing portion of layer L2, or the surface region corresponding to the existing portion of layer L2 may be raised).

Fig. 6C, 6D, 6E, and 6F illustrate examples of components of a multi-component patch according to some embodiments. As previously described, the assembly may include multiple layers (e.g., a multi-layer assembly), which illustrate various examples of forming an assembly having multiple layers.

Fig. 6C illustrates an example multi-layer assembly, such as a base assembly 630 having multiple layers. In some embodiments, the bottom component 630 is formed as a patch 601, which patch 601 is then mated with another component patch, such as a top component, to form a multi-component patch. A cut through the assembly 630 through the various layers is shown.

An example component 630 may include an adhesive layer a that includes an adhesive 605. In the example shown, the adhesive 605 may be formed as a layer or otherwise applied to an adjacent layer PL.

Example components 630 may include: a printed layer PL, such as a PET or PP layer 610, has information 620 printed thereon. In some embodiments, a PET film or BOPET film layer 610 is used for the print layer. The printing P of the print layer PL may use any suitable printing process. In some embodiments, an electrically charged ink transfer process is used, and information 620 may be transferred to print layer PL along with any pattern or design. For example, chargeable ink particles corresponding to information 620 may be formed on the print layer. In some embodiments, the transfer printing process includes heating and melting ink particles into a printed layer, such as by direct transfer of a mirror image of the information.

Example component 630 may include a surface layer SL, such as a PET or PP layer 631, for protecting printed information 620 (e.g., from elements or abrasion). In some embodiments, a transparent PET, BOPET, or BOPP film layer 631 is used for the surface layer (e.g., so that the printed information 620 remains visible on the surface of the component 630).

Fig. 6E illustrates an example multi-layer assembly, such as a base assembly 630 having multiple layers. In some embodiments, the bottom component 630 is formed as a patch 601, which patch 601 is then mated with another component patch, such as a top component, to form a multi-component patch. A cut through the assembly 630 through the various layers is shown.

In contrast to fig. 6C, fig. 6E shows multiple top layers TL1, TL2 disposed above the print layer PL, rather than a single surface layer above the print layer. In some embodiments, the lower top layer 631A protects the printed information 620 (e.g., from one or more elements or wear). In some embodiments, a first layer 631A of clear PET, BOPET, or BOPP film is used for the lower top layer 631A (e.g., so that the printed information 620 remains visible on the surface of the component 630). In some embodiments, the upper top layer 631B protects and hides the printed information 620 (e.g., from view) or prevents one or more elements or wear, and these qualities of protection may be different than the lower top layer 631A. In some embodiments, a second layer 631B of clear PET, BOPET, or BOPP film is used for the lower top layer 631B (e.g., so that the printed information 620 remains visible on the surface of the component 630). In some embodiments, the second layer 613B includes indentations of material or metallized film (which may be foil-like or reflective in some cases) that can be removed to view the information 620 on the printed layer, but when in place prevents scanning from reading privately accessed information printed on the bottom component 601.

Fig. 6D illustrates an example multi-layer assembly, such as a top assembly 660 having multiple layers. In some embodiments, the top component 660 is formed as a patch 602 that is subsequently mated with another component patch, such as a bottom component, to form a multi-component patch. In some embodiments, top component 660 is formed over the bottom component, for example, by forming the layers shown over one or more existing layers. A cut through the assembly 660 through the various layers is shown.

An example component 660 may include an adhesive layer a that includes an adhesive 607. In the example shown, the adhesive 607 may be tamper-resistant and formed as a layer or otherwise applied to the adjacent layer PL. In some embodiments, adhesive 607 is colored and reduces the passage of light therethrough (e.g., so that the material or information underlying adhesive 607 is not visible). In some embodiments, adhesive 607 may be reflective in order to reduce scanning of materials or information that is not visible under adhesive 607. In some embodiments, a pattern is formed in adhesive 607, such as between print layer PL and the adhesive, or below the adhesive. The pattern is formed such that when a printing layer material, such as layer 640, is lifted from a surface to which adhesive 607 adheres layer 640, a first portion of adhesive 607 (e.g., corresponding to a first portion of the pattern) remains adhered to layer 640, while a second portion of adhesive 607 (e.g., corresponding to an opposite second portion of the pattern) remains adhered to the surface to which layer 640 is adhered. Thus, tampering with the component 660 provides an indication of tampering, for example, by lifting the component (e.g., at least layer 640) from the surface to which it is adhered by the adhesive 607.

Example components 660 may include: a printed layer PL, such as a PET or PP layer 640, has information 650 printed thereon. In some embodiments, a PET film or BOPET film layer 640 is used for the print layer. The printing P of the print layer PL may use any suitable printing process. In some embodiments, an electrically charged ink transfer process is used, and information 650 may be transferred to the print layer PL along with any pattern or design. For example, chargeable ink particles corresponding to information 650 may be formed on the print layer. In some embodiments, the transfer printing process includes heating and melting ink particles into a printed layer, such as by direct transfer of a mirror image of the information.

Example components 660 may include a surface layer SL, such as a PET or PP layer 661, for protecting printed information 650 (e.g., from elements or abrasion). In some embodiments, a clear PET, BOPET, or BOPP film layer 661 is used for the surface layer (e.g., so that printed information 650 remains visible on the surface of component 660). In some embodiments, one or more indicia may be embedded in layer 661, such as foil indicia, which may be holographic or foil designs that indicate the authenticity of component 660. In some embodiments, a scent is applied (e.g., as a coating) or otherwise impregnated into layer 661, and can be released when the surface is scratched.

In some embodiments, window 127 is formed in component 660. For example, a tool 695 may pass through the layers of the component 660 and remove that portion of the component to form a window. In some embodiments, the tool 695 may be cut to a specific depth corresponding to the adhesive such that the adhesive and layers of the assembly 660 are removed without penetrating the underlying material. In some alternative embodiments, tamper resistant adhesive 607 may not be disposed in the area corresponding to window 127, for example, a transparent adhesive (or no adhesive) may be disposed within the area corresponding to window 127. Further, in this area, the other layers may have transparent portions so that the underlying material or information on the material may be seen through the window 127.

Fig. 6F illustrates an example multi-layer assembly, such as a top assembly 660 having multiple layers. In some embodiments, the top component 660 is formed as a patch 602 that is subsequently mated with another component patch, such as a bottom component, to form a multi-component patch. In some embodiments, top component 660 is formed over the bottom component, for example, by forming the layers shown over one or more existing layers. A cut through the assembly 660 through the various layers is shown.

In contrast to fig. 6E, fig. 6F shows an additional bottom layer UL between the print layer PL and the adhesive layer a. In some embodiments, the bottom layer 670 includes one or more anti-tampering or anti-tampering features to prevent malicious parties from determining information below the layer 670. In some embodiments, layer 670 is a metallized PET, BOPET, or BOPP film or foil, or a pattern of foils or films, through which underlying information may be obfuscated. In some embodiments, both layer 670 and adhesive layer 607 serve to obfuscate information beneath component 660, and may optionally include different tamper-resistant features (e.g., visible in component 660 or in the surface to which component 660 is adhered when it is tampered with) or anti-tamper features (e.g., to prevent scanning or visual reading through component 660) that serve to hide information beneath component 660, such as information printed on the bottom component or other surface to which component 660 is adhered (e.g., information or surface areas that are not visible through window 127).

FIG. 7 illustrates an example computing environment 700 within which a currency card may be implemented, according to some embodiments. In some embodiments, the card is robust to supply chain attacks. In some embodiments, the example computing environment 700 is configured to implement a manufacturing process that enhances the security of digitally anonymous assets associated with cards held by a user by ensuring that personnel participating in the production of the cards cannot access those digitally anonymous assets.

Some embodiments of a manufacturing process that may be implemented within the example computing environment 700 include at least two production teams. Some embodiments include at least a first production team corresponding to the issuer system 730 for issuing and managing physical currency cards.

In some embodiments, a first portion of the publisher system 730 is coupled to a network 101, such as the internet. The first portion of the issuer system 730 may include a currency card API737, such as an API configured to interface with native applications 755 executing on a device of a user of the physical currency card, such as the example user device 750. In some embodiments, the currency card API737 services requests received from native applications via user devices and returns responses that may include results of processing the requests to the respective user devices so that the results may be displayed in the native application 755 of the user device 750 on which the user initiated the request. For example, the issuer system 730 may include currency card data 745 in the database 740, the currency card data 745 being usable to service requests received by the currency card API 737.

In some embodiments, the database 740 includes currency card data 745 that can be used to validate issued currency cards. The received request to validate the currency card may be passed to the card validator 735, the card validator 735 processes the request based on the currency card data 745 in the database 740, and returns the validation result to the API737, which API737 is sent to the requesting device. Thus, in some embodiments, the card verifier 735 may verify the authenticity of the card based on information provided in the received API request based on the local data 745 of the database 740. In some embodiments, card verifier 735 may store a count of requests to verify a given card within database 740, and return the count as a result of the verification (e.g., as an indication of whether another entity has access to the card). For example, some embodiments uniquely associate a unique identifier (or hash thereof) or address (or hash thereof) and a portion (e.g., the first four digits) of a symmetric encryption key (or hash thereof) at the server side in the database 740. In some embodiments, the request to validate the currency card via API737 includes a portion of an encryption key, a unique identifier, or both, as a request to an API from user device 750. In some embodiments, the card validator 735 performs a first validation based on the local currency card data 745, e.g., confirming that the currency card is authentic by correspondence of the received information with stored currency card data indicating the currency card being issued. The card verifier 735 may generate a response to the API request to report the verification value. For example, the response to the API request may include a value indicating whether it matches the set on the card (e.g., return a binary determination if both commit, return a unique identifier if part of the key was committed, or return a part of the encryption key if the unique identifier was committed).

In some embodiments, the card verifier 735 performs a second verification based on the decentralized computing platform data, such as confirming that one or more addresses associated with the card have not been previously used in a transaction on a corresponding decentralized computing platform. For example, some embodiments of the card verifier 735 perform one or more verification operations on the platform 760 corresponding to the address of the card (or an address in the set of addresses) corresponding to the received API request. In some embodiments, the card verifier 735 writes to the platform a transaction indicating receipt of a request to verify a given card, and may determine within the platform an association count of requests processed for the given card, which may be returned with the result to the API request for verification. Likewise, the card validator 735 may determine the balance or amount of the asset held (e.g., the amount of coins, a commercial pass such as ERC-20 commercial pass or the amount of other digital assets transacted to the address) by one or more addresses of the card, such as by checking a blockchain of a given platform 760, which may be returned in response to a balance request.

In some cases, the card verifier 735 may write the verification results to the decentralized computing platform or card's local database 740 and initialize the count. The count of the authentication of the card may be incremented each time a request for authentication of the card is received via the currency card API 737. In some embodiments, for a new currency card, the count indicates that the user is the first user to authenticate the card, and as a result, the card cannot be considered a new card even if the tamper resistant adhesive substrate on hidden information 247 is replaced after such authentication.

Some embodiments include a native application 755, such as a card scanning application, for managing one or more physical currency cards obtained by a user. In some embodiments, the user may execute the native application 755 using the user device 750 to manage one or more currency cards within a wallet. In some embodiments, the native application 755 generates a user interface through which the user interacts with the application. For example, the native application 755 may generate a user interface for display by retrieving an existing UI from memory, evolving an existing UI, or combining new UIs with corresponding features. In some embodiments, the native application 755 may generate the user interface by retrieving data for one or more user interface elements from the server, for example, by requesting the user interface elements or populating the user interface elements based on data received from the API. In some embodiments, the native application 755 generates a sequence of separate user interfaces, or evolves a user interface for presenting a sequence of user interface views to display different data or options for user selection, and may generate a different user interface or evolves a user interface or otherwise updates the user interface views or information displayed within the generated user interface based on the user's selection or a response received from the server.

The native application 755 may interface with an image sensor of the user device to scan optical codes. The scanned optical code may be an optical code corresponding to a top component of the metal currency card that encodes an address (e.g., an address for receiving a transfer of ownership of the digital asset within a decentralized computing platform, such as a cryptocurrency platform) based on a corresponding public key. In some embodiments, the corresponding public key resolves to various wallet addresses on various decentralized computing platforms, such as example decentralized computing platform 760. The native application 755 may be configured to query a server, such as the API 737 of the issuer system 730, for one or more additional wallet addresses by the address of a given card. Each wallet address may have an associated balance as indicated by a transaction record in a data structure (e.g., an immutable data store) corresponding to a blockchain or similar blockchain of the decentralized computing platform 760. In some embodiments, the native application 755 displays a user interface that includes one or more currency card representations that the user has added to the wallet and one or more values indicating that the digitally anonymous assets correspond to one or more addresses associated with the given representation of the currency card.

Examples of user device 750 include computing devices such as mobile computing devices, e.g., smart phones, tablets, or laptop computers, but may also include desktop computers. In many cases, user device 750 is a smartphone or tablet computing device with a touch screen or other interface through which a user can view or input data, an image sensor, a wireless interface for network 101 connectivity, and an optional trusted execution environment. In some embodiments, the trusted execution environment is a logically or physically isolated execution environment of user device 750, which provides enhanced data security, for example, by: cryptographic isolation, secure coprocessors or memory, or other logical or physical structures that isolate data or processing from applications or processes executing in an untrusted environment. The native applications 755 may be obtained on the computer-readable media of the user equipment 750 from an application store, such as an application store, or from the publisher system 730 via the network 101. Executable code of the native application 755 may be obtained in memory of the user device 750 and executed by one or more processors of the user device 750 to perform one or more of the functions described herein.

In some embodiments, the native application 755 includes a wallet for managing physical currency cards obtained by the user. In example embodiments where the user device 750 includes a trusted execution environment, the native application 755 may interface with the trusted execution environment for storing and processing wallet data, such as physical currency card information. Further, in such embodiments, the native application 755 may interface with the trusted execution environment, e.g., through an API interface of the trusted execution environment, to request that the trusted application obtain and process data corresponding to the physical currency card so that other (e.g., untrusted) applications executing on the user device 750 cannot access the data. For example, native application 755 may request, via an API, that a trusted application within a trusted execution environment securely obtain and process input (e.g., via a keyboard interface or an imaging interface). In other embodiments, the native application 755 may maintain wallet data. In either case, the user may enter information corresponding to a given currency card into the native application 755 to configure the currency card within the wallet, for example by reading an optical code encoding the information using the user device 755, or by manually entering the information. The native application 755 may display a visual representation of the physical currency card within the interface and present user interface options that the user may select to validate the currency card. Thus, in some embodiments, the native application 755 may present a user interface through which a user may select to read an optical code corresponding to a physical currency card. The native application 755 may interface with an imaging device, such as an image sensor, of the user device 750 to capture an image of the optical code. Next, the native application 755 may process the image to obtain (e.g., read) the information encoded in the optical code. Alternatively, the user may manually enter this information.

The native application 755 may prompt the user to input or obtain additional associated information via the image sensor in response to reading a given optical code or selecting a function, such as a verification code, encryption key, etc., depending on the optical code or activity that the user desires to affect. For example, the optical code may be read to obtain an address or public key corresponding to the physical currency card, and the native application 755 may display a representation of the physical currency card with the address, public key, or one or more other addresses (e.g., corresponding to a different decentralized computing platform or a different cryptocurrency). The user may choose to authenticate the currency card by selecting a user interface element within the native application 755 to authenticate the card. In response to the selection, the native application 755 may prompt the user to enter a passcode (or other information, such as a unique identifier of the card), and upon obtaining the passcode input, send a request to the API 37 of the issuer system 730. In some embodiments, the request includes one or more of an authentication code (e.g., a portion of an encryption key) of the currency card, an address encoded by an optical code on the currency card, and a unique identifier of the currency card. In some embodiments, the native application 755 cryptographically hashes a combination of the above data, and sends the cryptographic hash instead of the data itself. For example, the native application 755 may concatenate the passcode and the address into an alphanumeric string, cryptographically hash the string, and send the cryptographic hash of the string or portion thereof for verification. Next, the native application 755 may receive a response from the issuer system 730 indicating the result of the verification, e.g., verified, and optionally whether a previous verification request has been serviced for the currency card. In some embodiments, the native application 755 may additionally request information from one or the decentralized computing platform 760, such as a request for a transaction associated with a given address corresponding to a currency card, and provide the result to the user (e.g., whether the address was previously used in the transaction, indicating a possible conflict or that another user has at least used the same address or public key corresponding to the card). Based on the results of the one or more verifications, the user (e.g., via access information provided thereon) can readily determine whether to use the physical currency card to manage (or hold) the digitally anonymous asset on decentralized computing platform 760.

In another example, the user may desire to transfer digit anonymous access and select a corresponding user interface option within the native application 755. Next, the optical code may be read to obtain the address or public key to which the user desires to transfer the digitally anonymous asset, or the user may manually enter the address or public key. The native application 755 may display a representation of one or more physical currency cards within the user's wallet, which may be used to effect the transfer. For example, the native application 755 may display a subset of the physical currency card within the wallet having the desired type of digital anonymous assets and the amount of access the card has. The user may then choose to effect the transfer with one or more physical currency cards. For example, the user may select a given representation of a money card with a sufficient balance to effect the transfer. In response, the native application 755 may prompt the user to provide private access information corresponding to the physical currency card. In some embodiments, the native application 755 prompts the user to read an optical code encoding private access information using an image sensor. Alternatively, the user may manually enter the private access information. In some embodiments, the private access information encoded in an optical code or otherwise printed on the physical currency card is a ciphertext of the private access information that must be decrypted to obtain a plaintext of the private access information to effect the transfer. Thus, the native application 755 may detect that the entered private access information is ciphertext (e.g., based on encoding the ciphertext in a format such as a prefix, or a format different from the format of a private key that may be used to effect the transfer), and request entry of an encryption key or passphrase by which the ciphertext private access information may be decrypted to obtain plaintext private access information. For example, the native application 755 may prompt the user to scan another optical code encoding the encryption key or to manually enter the encryption key so that the ciphertext may be decrypted and the private key obtained. If the user chooses to submit the transfer, the native application 755 may generate transaction information according to the agreement of the decentralized computing platform 760 corresponding to the digitally anonymous asset. Typically, the process includes a signature on the transaction information with a private key (e.g., obtained by decrypting the ciphertext private access information using an encryption key or passphrase) corresponding to a public key that supports the address to which the digitally anonymous asset is being transferred. For example, data, such as the number of digitally anonymous assets being transferred and the recipient address (among other information), may be digitally signed by a signature algorithm using a private key, and the signature on the data may be verified by a signature verification algorithm using a public key. Thus, for example, the transaction information may include signed data, a signature, and a public key by which the signature may be verified and resolved to hold at least the address of the quantity of digitally anonymous assets being transferred.

In some embodiments, a second portion of the issuer system 730 includes a currency card generator 733. In some embodiments, the currency card generator 733 is a cold computing server or system that does not access a network 101, such as the internet (e.g., for added security, although not giving up a configuration with network access). In some embodiments, the currency card generator 733 is a secure computing component or system configured to generate currency card information, e.g., a key pair, such as a public-private key pair. In some embodiments, the security component 733 also generates an encryption key for each key pair and encrypts the private key with the corresponding encryption key (e.g., to generate ciphertext of the private key). In some embodiments, the security component 733 generates addresses, such as cryptographic hash addresses for the decentralized computing platform, and in some cases may generate a set of addresses, where at least some of the different addresses correspond to digitally anonymous assets on different decentralized computing platforms or decentralized computing platforms. In some embodiments, the currency card generator 733 assigns a unique identifier to the set of information components corresponding to a given currency card. For example, a unique identifier, such as a serial number, may be associated with an address or set of addresses (or a public key on which the address is based), a ciphertext of a private key, and an encryption key.

In some embodiments, the currency card generator 733 outputs different combinations of information components of the currency card in different files (e.g., segments the generated information into different files), and these different files may be provided to different systems during the manufacturing process. In some embodiments, the information component is segmented into at least two portions, and these portions are not separately available for obtaining clear text supporting the private key of the currency card. For example, a first information component (e.g., a first file) may correspond to the printing system 710 and include tile data 715 for printing a tile (or a component of a multi-component tile). In some embodiments, the first file includes a unique identifier for each tile (or component of a multi-component tile), an address (e.g., public access information for the first component), and ciphertext (e.g., ciphertext for private access information for the second component). A second information component (e.g., a second file) may correspond to card system 720 and include card blank data 725 for engraving (or otherwise processing information) the card blank. In some embodiments, the second file includes a unique identifier and an encryption key (e.g., an encryption key used to generate a ciphertext of the private access information corresponding to the unique identifier) for each card blank to be engraved. In an alternative embodiment, the second file may include a unique identifier and a ciphertext of the private access information (where the card issuer retains the encryption key for the final engraving step done by the issuer, e.g., in a third file that includes the unique identifier or address and the corresponding encryption key). In another alternative embodiment, the card issuer may retain the card blank data 725 and perform each engraving step (although in some configurations it may be beneficial for a single party having the card system 720 to perform at least some of the engraving so that no single group, party, or individual has access to private access information, such as a private key, that may be used to obtain the clear text form without physically activating the tamper-resistant function of the card).

In some embodiments, the currency card generator 733 generates one or more addresses for a public-private key pair based on a public key of the key pair. In some embodiments, a set of addresses is generated, each address in the set being generated according to the protocol of a given decentralized computing platform 760, e.g., for a corresponding set of different decentralized computing platforms. In some embodiments, the set of addresses and the unique identifier or a hash of information corresponding to the card (e.g., the unique identifier concatenated with a portion of the encryption key) are stored within database 740 for supporting use of the currency card via user device 750. The primary address of a given platform, such as platform 760, on which the primary address is operable may be selected for printing as public access information on a patch of a currency card and included in the patch data 715 provided to the printing system 710. Other addresses in the addressing set may be stored in association with the master address or other identifier, or a combination thereof. For example, the currency card generator 733 may store an association based on the generated data in the database 740 or in a file used to populate the database. Further, using the generated address set, the money card generator 733 may discard the public key used to generate the address, and further, may discard any plaintext private key during data segmentation. The address need only be considered primary in the sense that it is the address selected to be included in the issued currency card. Further, in some embodiments, the primary address may be selected by generating the address for a given platform, and other addresses for other platforms (e.g., unselected platforms) may be generated later and optionally separately. That is, a complete set of addresses need to be generated to select the master address, as each address can be generated deterministically based on a different order of public keys or by a different system (e.g., before discarding the public keys available to obtain the corresponding private key).

In some embodiments, the associations stored in database 740 or elsewhere cannot themselves be used to obtain the private key in clear text. Thus, for example, once printing system 710, card system 720, or issuer system 730 completes the association operation and discards the encryption key (e.g., after engraving the card and using the tamper-resistant component to hide the encryption key) or the ciphertext of the private key (e.g., after creating or applying a patch or otherwise hiding the ciphertext through the tamper-resistant component), an attempt to determine that the private key in plaintext form will be apparent, and only the card itself will include a set of information disposed thereon that can be used to obtain the private key in plaintext form. Thus, for example, the database 740 may store a record, or a cryptographic hash or other representation thereof, of each currency card containing a unique identifier or validation code (e.g., a portion of a cryptographic key) in the currency card data 745, as well as a set of addresses that do not store public or private keys. In other words, for security, the public key and the private key may be discarded (although some embodiments may retain the public key, the public key may optionally be encrypted based on information or a combination of information discarded by the system but residing on the currency card, such that the public key may be obtained by the user without access to the private key). Accordingly, the currency card API737 may respond to API requests for verifying the balance of the currency card and the address associated with the currency card, as well as the primary address. The API737 may pass verification requests to the card verifier 735 component to receive results and provide the results to the user device. For example, the currency card API737 may respond to requests received from a native application 755 executing on the user device 750 of the user who has obtained the currency card.

In some embodiments, the example computing environment 700 is configured to implement a manufacturing process similar to that disclosed below using one or more of the components described above. As described above, various ones of the functions of the printer system 710, card system 720, or issuer system 730 may be further subdivided among different parties and decentralized to mitigate supply chain attacks. For example, the team responsible for the money card generator 733 may be geographically remote or otherwise isolated from another team responsible for generating some other money card information based on the output of the money card generator 733, and these respective teams may interact with respective systems (e.g., printing systems or card systems) during the manufacturing process. Further, the printer system and card system, and the team responsible for money card information generation may be further subdivided into sub-teams for key generation (e.g., a team may be responsible for a passphrase and encryption key by which intermediate code may be provided to another team for generating a ciphertext private key or other information, etc., and may communicate with a corresponding component, such as printer component 710 or card component 720, but not with each other).

In some embodiments, because an encrypted representation is used, the printing system 710 of the tamper resistant patch never accesses the plaintext of the key. Thus, for example, the information for printing of patch 715 may include a unique identifier for each patch, such as a serial number, an address/address optical code, and a ciphertext private key/ciphertext private key optical code. The patch manufacturer cannot determine the secret information that supports the account corresponding to the address or public key, since the patch manufacturer does not need to have an encryption key or a card blank tagged with an encryption key that can be used to decrypt the ciphertext private key.

In some embodiments, the card system 720 of the currency card blank never has access to the ciphertext of the private key (either physically or without tamper-resistance in a patch that hides the ciphertext of the private key). Thus, for example, card blank information 725 may include a unique identifier and an encryption key for each card. Since the card blank manufacturer does not possess the ciphertext of the private key, manufacturer 720 may be prevented from using the encryption key in a malicious manner.

In some embodiments, security may be increased by a final engraving step performed by card issuer system 730 rather than the card blank manufacturer. For example, the card issuer system 730 may detect a given instance of the card and append the remainder of the encryption key to the passcode portion or identify the card (e.g., based on a master address or unique identifier) and engrave the encryption key. Thus, for example, even collusion between the patch manufacturer and the card blank manufacturer is not sufficient to maliciously gain access to the secret key generated by the card issuer.

According to the above-described embodiments, an example manufacturing process may include a first production team (e.g., at a first facility) that produces private key information (or a private key seed) and another geographically independent team (e.g., at a second facility) that produces encryption key information (or a passphrase) for encrypting the private key. In some embodiments, the money card generator 733 may receive private key information and encryption key information as input and output the same on a separate storage medium in a separate file. For example, in some embodiments, the currency card generator 733 selects private key information and encryption key information, operates on the private key information to generate a private key and operates on the encryption key information to generate an encryption key, neither of which directly matches the input information as a result of the operation to prevent an attempt to retain any value of a malicious party to the input information. The currency card generator 733 segments the output into different files, such as a first file corresponding to the patch data 715 (e.g., a primary address, a ciphertext private key, and a unique identifier), a second file corresponding to the card blank data 725 (e.g., a unique identifier and an encryption key), and a third file corresponding to the currency card data 745 (e.g., a unique identifier, a captcha portion of an encryption key, and a set of addresses for user authentication or to obtain additional addresses) for the respective system. Different files may be generated on different storage media so that these different media may be provided to corresponding systems.

According to the above-described embodiments, an example manufacturing process may include a first production team (e.g., at a first facility) using printing system 710 to produce patch components based on patch data 715 and another geographically independent team (e.g., at a second facility) using card system 720 to produce card blanks based on card blank data 725. In some embodiments, a third production team is used (e.g., at a third facility). For example, a third production team may receive the tiles generated using tile data 715, apply the tiles to the card blanks prior to the engraving step, and then provide the card blanks with the tiles applied thereon to card system 720 for engraving based on card blank data 725. Alternatively, the third production team may apply the patch to the corresponding card based on a match of the unique identifier between the patch and the engraved card blank. In other words, embodiments of the manufacturing process may be implemented such that no production team gains access (e.g., physically or by visual inspection without triggering a tamper-proof indicator) to both the encryption key and the ciphertext private key.

Some embodiments of the currency card generator 733 and other aspects of the manufacturing process implement key generation and encryption processes, such as those specified in the BIP38 standard when manufacturing a physically encrypted currency wallet, such that multiple information components (e.g., the ciphertext of the private key and the corresponding encryption key) require access to the private key. In some embodiments, the encryption key may include a verification code portion and a remainder that may optionally be separated, and one or the other portion (or both) engraved in a final step prior to packaging, to further prevent a malicious party from gaining access to the information component that may be used to obtain the clear private key. Some embodiments provide a cryptographic currency storage solution that uses a key generation and encryption process that reduces security breaches in the manufacturing process by having different steps in the process occur at two geographically isolated manufacturing locations, and the order in which tamper-resistant components are placed on a product prevents a given party from gaining access to information components that can be used to obtain a clear private key without activating the tamper-resistant functionality.

In some embodiments, a first production team in the United states or other locations generates an encryption key or passphrase that is used to decrypt a particular cryptocurrency private key. The first team then uses the encryption key to generate an intermediate code that the other party can use to generate an encrypted private key, public key, and public address. For example, the currency card generator 733 may be used to generate an encryption key and an intermediary code (e.g., such as an agent re-encryption code). An encryption key is maintained for the card blank data 725, and the agent re-encryption code may be used by a separate, second production team to generate a ciphertext private key, an address that resolves to a public key based on the plaintext private key (e.g., when the ciphertext private key is decrypted by the encryption key). However, in some embodiments, the intermediate code cannot be used to obtain access to the encryption key needed to decrypt the ciphertext private key, or to otherwise obtain access to the plaintext form of the private key. In some embodiments, the first team then provides the intermediate code to a second team in Asian or other locations, or the intermediate code may be used in a second process to generate and store information on a separate storage medium. The first team and the second team do not have to be geographically distant since other isolation techniques may be used. For example, during a manufacturing cycle (e.g., of a batch of components of a cryptographic currency card), a first team may be isolated from a second team, and the respective terminal or computing system may clear data of the batch of components, e.g., to prevent any cross-referencing of a secret passphrase, private key, or intermediate code. A batch of components, such as a batch of tiles, may be manufactured within a set period of time (e.g., a shift, such as 4 or 8 hours), after which the team responsible for the batch may clear the corresponding data (e.g., to receive data for manufacturing the next batch).

In some embodiments, the cryptographic private key that may be printed on the bottom component of the multi-component patch is surrounded by the top component of the multi-component patch on which the master address is printed. The top component may include one or more tamper-resistant features such that once the bottom component is so surrounded by the top component, a party cannot access the ciphertext of the private key without activating the one or more features. Once the encrypted private key is printed on the bottom component and the multi-component patch with the master address printed on the top component is affixed to the card, with the top component positionally encompassing the bottom component (e.g., which may be visually apparent based on a window in the top component revealing an area of the bottom component corresponding to the window), the party in possession of the card cannot determine the ciphertext of the private key. In other words, the bottom component of the ciphertext containing the private key cannot be accessed or viewed without moving or removing the top component. If the top component is removed or moved, even slightly, in an attempt to access the ciphertext of the private key, a clearly visible honeycomb or other pattern (e.g., a 3D embossed pattern) may be revealed on the card, and the top component cannot re-adhere to the surface in its original appearance.

When generating the ciphertext private key, public key, and master address (or set of addresses) using intermediate code, in some embodiments, the second production team also generates a confirmation code that is returned to the first team. The first team may use the confirmation code to verify that the home address generated by the second production team is dependent on the encryption key or passphrase generated by the first team (and, therefore, may be used to decrypt the ciphertext private key code generated by the second team using the intermediary). In some embodiments, although the first team receives the confirmation code from the second team, the first team does not need to receive or access the ciphertext private key at any time, and thus, once the patch data 715 is discarded, the plaintext private key cannot be accessed without removing the tamper-resistant top component of the multi-component patch. Likewise, once the card blank data 725 including the encryption key is discarded (e.g., after the card blank is validated and engraved using the information corresponding to the patch information), and vice versa.

Although the second team generated the encrypted private key, public key, and public address, it did not have the ability to decrypt the encrypted private key, since it only has access to the intermediate code in this example. In some embodiments, the second team never has access to the private passphrase required to decrypt the private key. In some embodiments, after attaching the ciphertext private key and public address to the card via the multi-component patch, the second party sends the card to the first party. The first team then attaches the encryption key needed to decrypt the ciphertext private key to the card and sends the card to the customer and distributor. Thus, in these embodiments, the second team never obtains access to the encryption key needed to decrypt the ciphertext private key and access the funds on the card. The first team also cannot access the ciphertext private key for decryption without moving or removing the patch component that hides the ciphertext private key in a tamper-resistant manner.

As long as the tamper-resistant patch component that surrounds the private key has not been tampered with (this customer can easily see), and the tamper-resistant component that shields the encryption key has not been tampered with, the user of the physical currency card can be assured that no one has access to both the encryption key and the ciphertext private key throughout the manufacturing and supply chain to obtain the plaintext private key of the card. This is expected to ensure the integrity of the card and enhance the security of the digital anonymous assets transferred to the card by the user.

Thus, for example, various ones of the printer system 710, card system 720, and issuer system 730 may be operated by different teams, and the system may be further subdivided, e.g., according to manufacturing process technology, into two or more components or systems operated by two or more teams to enhance the security of the cryptocurrency card as described above. Further, one or more of the

systems

710, 720, 730 may be cold systems or include one or more cold components that are not accessible from the network 101 (although not forgoing exchanging data between different systems in a secure manner over the network 101, such as by asymmetric cryptography, by which only a given party may access a corresponding portion of encrypted data that may itself be encrypted).

FIG. 8 illustrates an example computing system 1000 in accordance with embodiments of the present technology. Various portions of the systems and methods described herein may include or be executed on one or more computer systems similar to computing system 1000. Further, the processes and modules described herein may be performed by one or more processing systems similar to one or more processing systems of computing system 1000.

Computing system 1000 may include one or more processors (e.g., processors 1010 a-1010 n) coupled to a system memory 1020, an input/output (I/O) device interface 1030, and a network interface 1040 via an I/O interface 1050. The processor may comprise a single processor or multiple processors (e.g., distributed processors). The processor may be any suitable processor capable of executing or otherwise executing instructions. The processor may include a Central Processing Unit (CPU) that executes program instructions to perform arithmetic, logical, and input/output operations of the computing system 1000. The processor may execute code (e.g., processor firmware, protocol stacks, database management systems, operating systems, or a combination thereof) that creates an execution environment for the program instructions. The processor may comprise a programmable processor. The processor may comprise a general purpose microprocessor or a special purpose microprocessor. A processor may receive instructions and data from a memory (e.g., system memory 1020). Computing system 1000 may be a single-processor system including one processor (e.g., processor 1010a), or a multi-processor system including any number of suitable processors (e.g., 1010a through 1010 n). Multiple processors may be employed to provide parallel or sequential execution of one or more portions of the techniques described herein. The processes, e.g., logic flows, described herein can be performed by one or more programmable processors executing one or more computer programs to perform functions by operating on input data and generating corresponding output. The processes described herein can be performed by, and apparatus can also be implemented as, special purpose logic circuitry, e.g., an FPGA (field programmable gate array) or an ASIC (application-specific integrated circuit). Computing system 1000 may include multiple computing devices (e.g., a distributed computer system, which may also be decentralized) to implement various processing functions.

I/O device interface 1030 may provide an interface for connecting one or more I/O devices 1060 to computer system 1000. An I/O device may include a device that receives input (e.g., from a user) or outputs information (e.g., to a user). The I/O devices 1060 may include, for example, a graphical user interface, a pointing device (e.g., a computer mouse or a trackball), a keyboard, a touchpad, a scanning device, a voice recognition device, a gesture recognition device, a printer, an audio speaker, a microphone, a camera, and so forth, presented on a display (e.g., a Cathode Ray Tube (CRT) or Liquid Crystal Display (LCD) monitor). The I/O devices 1060 may be connected to the computer system 1000 through a wired connection or a wireless connection. I/O devices 1060 may be connected to computer system 1000 from a remote location. I/O devices 1060 located on a remote computer system may be connected to computer system 1000 via, for example, a network and network interface 1040.

Network interface 1040 may include a network adapter that provides a connection for computer system 1000 to a network. Network interface 1040 may facilitate the exchange of data between computer system 1000 and other devices connected to a network. Network interface 1040 may support wired or wireless communications. The network may include an electronic communications network such as the internet, a Local Area Network (LAN), a Wide Area Network (WAN), a cellular communications network, and the like.

The system memory 1020 may be configured to store program instructions 1100 or data 1110. The program instructions 1100 may be executable by a processor (e.g., one or more of the processors 1010 a-1010 n) to implement one or more embodiments of the present technology. The instructions 1100 may include modules of computer program instructions for implementing one or more of the techniques described herein with respect to various processing modules. The program instructions may comprise a computer program (which in some forms is referred to as a program, software application, script, or code). A computer program can be written in a programming language, including compiled or interpreted languages, or declarative or procedural languages. A computer program may include elements suitable for use in a computing environment, including elements that are stand-alone programs, modules, components, or subroutines. The computer program may or may not correspond to a file in a file system. A program can be stored in a portion of a file that holds other programs or data (e.g., one or more scripts stored in a markup language document), in a single file dedicated to the program in question, or in multiple coordinated files (e.g., files that store one or more modules, sub programs, or portions of code). A computer program can be deployed to be executed on one or more computer processors that are located at one site or distributed across multiple remote sites and interconnected by a communication network.

The system memory 1020 may include a tangible program carrier having program instructions stored thereon. The tangible program carrier may include a non-transitory computer readable storage medium. The non-transitory computer readable storage medium may include a machine-readable storage device, a machine-readable storage substrate, a storage device, or any combination thereof. Non-transitory computer-readable storage media may include non-volatile memory (e.g., flash memory, ROM, PROM, EPROM, EEPROM memory), volatile memory (e.g., Random Access Memory (RAM), Static Random Access Memory (SRAM), synchronous dynamic RAM (sdram)), mass storage memory (e.g., CD-ROM and/or DVD-ROM, hard drives), and so forth. The system memory 1020 may include a non-transitory computer-readable storage medium that may have stored thereon program instructions that are executable by a computer processor (e.g., one or more of the processors 1010 a-1010 n) to cause the subject matter and the functional operations described herein. The memory (e.g., system memory 1020) may include a single memory device and/or multiple memory devices (e.g., distributed memory devices). Instructions or other program code providing the functionality described herein may be stored on a tangible, non-transitory computer-readable medium. In some cases, the entire set of instructions may be stored on the medium at the same time, or in some cases, different portions of the instructions may be stored on the same medium at different times.

The I/O interface 1050 may be configured to coordinate I/O traffic between the processors 1010a-1010n, the system memory 1020, the network interface 1040, the I/O devices 1060, and/or other peripheral devices. The I/O interface 1050 may perform protocol, timing, or other data transformations to convert data signals from one component (e.g., the system memory 1020) into a format suitable for use by another component (e.g., the processors 1010a-1010 n). The I/O interface 1050 may include support for devices attached through various types of peripheral buses, such as a variant of the Peripheral Component Interconnect (PCI) bus standard or the Universal Serial Bus (USB) standard.

Embodiments of the techniques described herein may be implemented using a single instance of computer system 1000 or multiple computer systems 1000 configured to host different portions or instances of the embodiments. Multiple computer systems 1000 may provide parallel or sequential processing/execution of one or more portions of the techniques described herein.

Those skilled in the art will appreciate that computer system 1000 is illustrative only and is not intended to limit the scope of the technology described herein. Computer system 1000 may include any combination of devices or software that can perform or otherwise provide for performance of the techniques described herein. For example, the computer system 1000 may include or be a combination of: a cloud computing system, a data center, a server rack, a server, a virtual server, a desktop computer, a laptop computer, a tablet computer, a server device, a client device, a mobile phone, a Personal Digital Assistant (PDA), a mobile audio or video player, a gaming console, an in-vehicle computer, or a Global Positioning System (GPS), among others. The computer system 1000 may also be connected to other devices not shown, or may be used as a stand-alone system. Further, the functionality provided by the illustrated components may be combined in fewer components or distributed in additional components in some embodiments. Similarly, in some embodiments, the functionality of some of the illustrated components may not be provided, or other additional functionality may be available.

Those skilled in the art will also appreciate that while various items are shown in use as being stored in or on memory, these items or portions of these items may be transferred between memory and other storage devices for purposes of memory management and data integrity. Alternatively, in other embodiments, some or all of the software components may execute in memory on another device and communicate with the illustrated computer system via inter-computer communication. Some or all of the system components or data structures may also be stored (e.g., as instructions or structured data) on a computer-accessible medium or a portable article to be read by an appropriate drive, various examples of which are described above. In some embodiments, instructions stored on a computer-accessible medium separate from computer system 1000 may be transmitted to computer system 1000 via a transmission medium or signal such as an electrical, electromagnetic, or digital signal, transmitted via a communication medium such as a network or a wireless link. Various embodiments may also include receiving, transmitting or storing instructions or data implemented in accordance with the foregoing description upon a computer-accessible medium. Thus, the present techniques may be practiced with other computer system configurations.

In a block diagram, the illustrated components are depicted as discrete functional blocks, but the embodiments are not limited to a system in which the functions described herein are organized as shown. The functionality provided by each of the components may be provided by software or hardware modules that are organized differently than as presently depicted, e.g., such software or hardware may be mixed, joined, duplicated, decomposed, distributed (e.g., within a data center or across geographically or (e.g., decentralized) disparate parties), or otherwise organized. The functions described herein may be provided by one or more processors of one or more computers executing code stored on a tangible, non-transitory, machine-readable medium. In some cases, although the singular term "medium" is used, the instructions may be distributed over different storage devices associated with different computing devices, e.g., where each computing device has a different subset of instructions, implementations consistent with the singular term "medium" herein. In some cases, a third party content delivery network may host some or all of the information communicated over the network, in which case, in terms of information (e.g., content) provided or otherwise provided in accordance with the offer, the information may be provided by sending instructions to retrieve the information from the content delivery network.

The reader should understand that this application describes several independently useful techniques. The applicant has not divided these technologies into separate patent applications but has combined these technologies into one document because their related subject matter contributes to the economy of the application process. But should not be read to outweigh the unique advantages and aspects of such technology. In some cases, embodiments address all of the deficiencies noted herein, but it should be understood that these techniques are independently useful, and that some embodiments address only a subset of such issues or provide other non-mentioned benefits that will be apparent to those skilled in the art upon review of the present disclosure. Because of cost limitations, some of the techniques disclosed herein may not be claimed at present, and may be claimed in a later application, such as a continuation of the application or by amendment of the present claims. Similarly, the abstract and the summary of the disclosure should not be considered a comprehensive listing of all such technologies or aspects of such technologies, for any reason limited by space.

It should be understood, that the description and drawings are not intended to limit the present technology to the particular forms disclosed, but on the contrary, the intention is to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the present technology as defined by the appended claims. Other modifications and alternative embodiments of various aspects of the technology will be apparent to those skilled in the art in view of this description. Accordingly, the description and drawings are to be construed as illustrative only and are for the purpose of teaching those skilled in the art the general manner of carrying out the present technology. It is to be understood that the forms of the present technology shown and described herein are to be taken as examples of embodiments. Elements and materials may be substituted for those illustrated and described herein, parts and processes may be reversed or omitted, and certain features of the technology may be utilized independently, all as would be apparent to one skilled in the art after having the benefit of this description of the technology. Changes may be made in the elements described herein without departing from the spirit and scope of the present technology as described in the following claims. The headings used herein are for organizational purposes only and are not meant to be used to limit the scope of the description.

As used throughout this application, the word "may" is used in a permissive sense (i.e., meaning having the potential to), rather than the mandatory sense (i.e., meaning must). The words "including", "comprising" and "includes" and the like are meant to include, but are not limited to. As used throughout this application, the singular forms "a," "an," and "the" include plural referents unless the content clearly dictates otherwise. Thus, for example, reference to "an element" or "an element" includes a combination of two or more elements, although other terms and phrases, such as "one or more," may be used for one or more elements. Unless otherwise indicated, the term "or" is non-exclusive, i.e., includes both "and" or ". Terms describing conditional relationships such as "in response to X, Y", "on X, Y", "if X, Y", "when X, Y", etc., include causal conditions where a antecedent is necessary, a antecedent is a sufficient causal condition, or an antecedent is a causal condition of a successor, e.g., "state X appears when condition Y is obtained" broadly means "X appears only when Y is obtained" and "X appears when Y and Z are obtained". This conditional relationship is not limited to the immediately following antecedent acquisition, as some antecedents may be delayed, and antecedents are related to their successors in the statement of condition, e.g., antecedents are related to the likelihood of the successor occurring. Unless otherwise stated, a statement that maps multiple attributes or functions to multiple objects (e.g., one or more processors performing steps A, B, C and D) includes both all such attributes or functions mapped to all such objects and a subset of attributes or functions mapped to a subset of attributes or functions (e.g., where all processors each perform steps a through D, and where processor 1 performs step a, processor 2 performs step B and part C, and processor 3 performs part of step C and step D). Furthermore, unless otherwise specified, a statement that a value or action is "based on" another condition or value includes both the case where the condition or value is the only factor and the case where the condition or value is one of the factors. Unless otherwise stated, the statement that "each" instance of a set has certain properties should not be read to exclude the case that some other identical or similar member of the larger set does not have that property, i.e., each does not necessarily mean each and every one. Unless expressly stated otherwise, limitations on the order of enumerated steps should not be read into the claims, e.g., using explicit language such as "execute Y after execution of X," as opposed to statements that may inappropriately argue as implying order limitations such as "execute X on an item, execute Y on an item that has executed X," for making the claims more readable rather than specifying an order. A statement that references "A, B and at least Z of C," etc. (e.g., "A, B or at least Z of C") refers to at least Z of the listed categories (A, B, and C) and does not require at least Z units in each category. Unless specifically stated otherwise, as apparent from the discussion, it is appreciated that throughout the description, discussions utilizing terms such as "processing," "computing," "calculating," "determining," or the like, refer to the action and processes of a specific apparatus, such as a special purpose computer or a similar special purpose electronic processing/computing device. Features described with reference to geometric configurations, such as "parallel," "perpendicular," "square," "cylindrical," and the like, should be construed to include items that substantially characterize the geometric configurations, such as references to "parallel" surfaces including substantially parallel surfaces. The allowable range of deviation of these geometries from the pareto ideal would be determined with reference to ranges in the specification, and if such ranges are not specified, with reference to industry specifications of the field of use, and if such ranges are not defined, with reference to industry specifications of the field of manufacture of the specified features, and if such ranges are not defined, the features that substantially embody the geometric construction should be construed as including those features within 15% of the defined attributes of the geometric construction. The terms "first," "second," "third," "given," and the like, if used in the claims, are used for distinguishing or otherwise identifying, and not necessarily for describing a sequential or numerical limitation. As is common usage in the art, the data structures and formats described with reference to significant use by humans need not be presented in a human understandable format to constitute the described data structures or formats, e.g., text need not be presented or even encoded in Unicode or ASCII to constitute text; the image, map and data visualizations need not be displayed or decoded to constitute the image, map and data visualizations, respectively; speech, music and other audio need not be emitted or decoded through a speaker to constitute speech, music or other audio, respectively. Computer-implemented instructions, commands, etc. are not limited to executable code and may be implemented in the form of data that causes a function to be invoked, e.g., in the form of parameters of a function or API call, and a reason (e.g., in a request) or a corresponding result (e.g., in a response) may be conveyed in whole or in part (e.g., a reason may be conveyed by one or more requests and a result may be conveyed in one or more responses, which need not have a direct correspondence). Similarly, reference to a "computer system" that performs step a and a "computer system" that performs step B may include the same computing device within the computer system that performs both steps or different computing devices within the computer system that performs steps a and B.

In this patent, where any U.S. patent, U.S. patent application, or other material (e.g., article) has been incorporated by reference, the text of such material is incorporated by reference only if there is no conflict between such material and the statements and drawings presented herein. In the event of such conflict, the text of this document controls, and no narrower understanding of the terms in this document should be had based on the manner in which they are used in other materials incorporated by reference.

The exemplary enumerated embodiments disclosed above include, but are not limited to, the following embodiments:

1. an apparatus, comprising: a physical card having a surface area of a first size corresponding to a face of the card; a patch comprising a plurality of layers, the plurality of layers comprising: a first adhesive layer having a surface area of a second size smaller than the first size, the first adhesive layer adhering to a corresponding area on a face of the card; a first printed layer having a surface area similar to the second size, the first printed layer disposed over the first adhesive layer and including a hidden information portion provided with at least some private information; a second adhesive layer having a surface area of a third size smaller than the first size and larger than the second size, wherein the second adhesive layer is disposed over the first printed layer, covers the hidden information portion of the first printed layer, extends beyond the first printed layer on at least three sides, and adheres to a corresponding surface area on a face of the card; and a second printed layer having a surface area similar to the third size, wherein the second printed layer is disposed over the second adhesive layer and includes a common information portion provided with at least some common information; wherein at least one of the layers disposed above the first printed layer, among the plurality of layers, comprises means for indicating tampering.

2. The apparatus as disclosed above, wherein: on the face of the card, a color chip is provided in at least the corresponding area to which the second adhesive layer is adhered.

3. The apparatus as disclosed above, wherein: the second adhesive layer includes the means for indicating tampering, the means for indicating tampering including: a first pattern associated with at least a portion of the surface area to which the second adhesive layer is adhered; and a corresponding second pattern associated with an adjacent layer above the second adhesion layer.

4. The apparatus as disclosed above, wherein: a second adhesive layer configured to: setting the first pattern and setting the second pattern in response to lifting the adjacent layer from the face of the card in one or more portions of the surface area to which the second layer of adhesive is adhered.

5. The apparatus as disclosed above, wherein: a first pattern configured to be visible on a face of the card in response to lifting the adjacent layer away from the face of the card.

6. The apparatus as disclosed above, wherein: a corresponding second pattern configured to be visible through each layer over the second adhesive layer in at least some areas of the patch in response to lifting the adjacent layer away from the face of the card.

7. The apparatus of any of claims 1-4, further comprising second private information disposed on a face of the card.

8. The device as disclosed above, wherein the second private information is hidden by at least one layer provided above a first printed layer comprising the tamper-evident device, and the second private information is provided on a face of the card in a surface area corresponding to the first adhesive layer;

9. the apparatus disclosed above wherein the second private information is hidden by a second means for indicating tampering, the second private information being disposed within an area of the card not corresponding to either adhesive layer, the tamper-resistant component masking the second private information.

10. The apparatus as disclosed above, wherein: the first private information ciphertext, the second private information is an encryption key, and the encryption key is usable to decrypt the ciphertext to obtain private access information in plaintext form usable to transfer a digital asset from one account to another.

11. A multi-component patch, comprising: a first component, the first component comprising: a first adhesive layer; a first printing layer disposed over the first adhesive layer and including: a hidden information portion on which at least some private information is provided during printing of the first printed layer; and a first common information portion on which an identifier is set during printing of the first print layer; and a second assembly comprising: a second adhesive layer disposed over the first printed layer and covering the hidden information portion of the first printed layer and extending beyond at least a portion of the perimeter of the first printed layer; and a second printed layer disposed over the second adhesive layer and including a second common information portion on which at least an identifier is disposed during a second process, wherein the second component includes a tamper-resistant feature in at least one layer and a window portion aligned with the first common information portion of the first printed layer.

12. The patch according to the above disclosure, wherein: the first component formed on a first substrate, the second component formed on a second substrate, and the second component aligned with the first component based on the window, the identifier disposed on the first printed layer being visible within a window portion of the second component.

13. The patch according to the above disclosure, wherein: the first component is formed on a substrate by sequentially disposing the first layers on the substrate, and the second component is formed on the substrate by sequentially disposing the second layers on the substrate, encapsulating the first component.

14. The patch according to the above disclosure, wherein: the window is cut to a depth corresponding to the thickness of the second component in an area corresponding to the first common information portion, the identifier provided on the first printed layer being visible within the window portion of the second component.

15. The patch according to the above disclosure, wherein: the window corresponds to a transparent portion of the second component, the identifier disposed on the first printed layer is visible within the window portion of the second component, and the non-transparent portion of the second component corresponds to an area of the hidden information portion.

16. The patch according to the above disclosure, wherein: at least some private information disposed within the hidden information portion of the first printed layer is associated with at least some information disposed within the second public information portion of the second printed layer, and a match between the identifier disposed on the first printed layer and the identifier disposed on the second printed layer indicates a correspondence of the private information to at least some information disposed within the second public information portion, the identifier disposed on the first printed layer being visually inspectable within the window portion without activating the tamper-resistant feature, and the identifier disposed on the second printed layer being visually inspectable without activating the tamper-resistant feature.

17. The patch according to the above disclosure, wherein: the second adhesive layer includes the anti-tamper feature that keeps a first pattern adhered to a substrate to which the second adhesive layer is securely adhered and a corresponding second pattern adhered to an adjacent layer above the second adhesive layer.

18. The patch according to the above disclosure, wherein: in one or more of the corresponding regions where the second adhesive layer adheres to the substrate, the first and second patterns are revealed when an adjacent layer above the second adhesive layer is lifted off the substrate.

19. The patch according to the above disclosure, wherein: the first pattern is visible on the substrate when an adjacent layer above the second adhesion layer is lifted off the substrate.

20. The patch according to the above disclosure, wherein: the corresponding second pattern is visible in at least some areas within the second component when an adjacent layer above the second adhesive layer is lifted off from the substrate.

21. An apparatus, comprising: a metal card; a first machine-readable optical code depicted on the metal card and indicative of a private key of a public-private cryptographic key pair; first means for indicating tampering with and concealing said first optical code disposed on said metal card; and a second machine-readable optical code depicted on the metal card and indicative of a public key of a public-private cryptographic key pair.

22. The apparatus as disclosed above, wherein: the second machine-readable optical code is coupled with a portion of the device for indicating tampering that conceals the first machine-readable optical code; and the second machine-readable optical code is a QR code.

23. The apparatus according to the above disclosure, comprising: a symmetric encryption key depicted on the metal card; second means for indicating tampering with and concealing at least a portion of the symmetric encryption key disposed on the metal card; and the first machine-readable optical code encoding a ciphertext in which the private key is encrypted with the symmetric encryption key.

24. The apparatus according to the above disclosure, comprising: a peer node of the decentralized computing platform stores in memory at least a portion of a distributed ledger of recorded transactions in which the encrypted commerce pass has been transferred to an account on the decentralized computing platform corresponding to a public key of a public-private encryption key pair, wherein the decentralized computing platform is operable to transfer the encrypted commerce pass out of the account in response to proving possession of a party having the private encryption key.

Additional exemplary enumerated embodiments disclosed above include, but are not limited to, the following:

1. a method, comprising: obtaining, by a computer system located at a first geographic location, a passphrase; generating, by the computer system located at a first geographic location, a midamble based on the passphrase, wherein: the intermediate code does not reveal the passphrase and is configured to encrypt plaintext to form ciphertext decryptable by the passphrase; obtaining, by a computer system at a second geographic location, the intermediate code and a private encryption key of a public-private encryption key pair, wherein: the second geographic location is different from the first geographic location, the passphrase is inaccessible to a computer system located at the second geographic location, and the public-private encryption key pair comprises a public encryption key corresponding to a wallet address of a decentralized computing platform; forming, by the computer system located at the second geographic location, an encrypted private key cryptogram by encrypting the private encryption key with the intermediate code; printing the encrypted private key ciphertext on a first substrate, wherein: the encrypted private key ciphertext does not reveal the private encryption key, and the encrypted private key ciphertext may be decrypted with the passphrase to reveal the private encryption key in plaintext form; printing the passphrase on a second substrate at a different geographic location than printing the encrypted private key ciphertext on the first substrate; concealing the passphrase printed on the second substrate or the encrypted private key cryptogram printed on the first substrate with a tamper-resistant mask; obtaining the first substrate and the second substrate at the same geographic location after concealing with a tamper-resistant mask a passphrase printed on the second substrate or an encrypted private key ciphertext printed on the first substrate; and attaching the first substrate to the second substrate.

2. The method of claim 1, wherein: the first substrate or the second substrate is a metal card.

3. The method of claim 2, wherein: the encrypted private key ciphertext or the pass phrase is printed on the metal card through engraving.

4. The method of claim 1, wherein the encrypted private key ciphertext is inaccessible to a person or computer system having access to the passphrase without tampering with the tamper-resistant masker; or the passphrase is inaccessible to a person or computer system having access to the encrypted private key ciphertext without tampering with the tamper-resistant masker.

5. The method of claim 1, wherein: the first geographic location is in a first country; the second geographic location is in a second country different from the first country; printing the encrypted private key cryptogram does not occur in the first country; and printing the passphrase on the second substrate does not occur in the second country.

6. The method of claim 1, wherein the first substrate with the encrypted private key cryptogram and the second substrate with the passphrase are not in the same country prior to concealing the passphrase printed on the second substrate or the encrypted private key cryptogram printed on the first substrate with a tamper-resistant mask.

7. The method of claim 1, wherein: the first substrate is a card; the second substrate is a patch; and the tamper-evident masking includes means for indicating tampering.

8. The method of claim 1, wherein the first substrate is a patch; the second substrate is a card; and the tamper-evident masking includes means for indicating tampering.

9. The method of claim 1, wherein: generating the intermediate code includes generating an agent re-encryption code.

10. The method of claim 1, wherein: the encrypted private key ciphertext may not be decrypted with the intermediate code to reveal the private key in the clear.

11. A computer-based system or non-transitory computer-readable medium implementing one or more of the above-described operations of the method.

1. an apparatus, comprising: a physical card having a surface area of a first size corresponding to a face of the card; a patch comprising a plurality of layers, the plurality of layers comprising: a first adhesive layer having a surface area of a second size smaller than the first size, the first adhesive layer adhering to a corresponding area on the face of the card; a first printed layer having a surface area of approximately the second size, the first printed layer disposed over the first adhesive layer and including a hidden information portion having at least some private information disposed thereon; a second adhesive layer having a surface area of a third size smaller than the first size and larger than the second size, wherein the second adhesive layer is disposed over the first printed layer, covers the hidden information portion of the first printed layer, extends beyond the first printed layer on at least three sides, and is affixed to a corresponding surface area on a face of the card; and a second printed layer having a surface area of approximately a third size, wherein the second printed layer is disposed over the second adhesive layer and includes a public information portion provided with at least some public information; wherein, of the plurality of layers, at least one of the layers disposed above the first printed layer includes means for indicating tampering.

2. The apparatus of claim 1, wherein: on the side of the card, a color plate is disposed in at least the corresponding area to which the second adhesive layer is adhered.

3. The apparatus of claim 1, wherein: a second adhesive layer comprising means for indicating tampering, said means for indicating tampering comprising: a first pattern associated with at least a portion of the surface area to which it is adhered; and a corresponding second pattern associated with an adjacent layer above the second adhesion layer.

4. The apparatus of claim 3, comprising one or more of: a second adhesive layer configured to provide the first pattern and to provide the second pattern in response to lifting the adjacent layer from the face of the card in one or more portions of the surface area to which the second adhesive layer is adhered; a first pattern configured to be visible on a face of the card in response to lifting the adjacent layer from the face of the card; and a corresponding second pattern configured to be visible through each layer above the second adhesive layer in at least some areas of the patch in response to lifting the adjacent layer from the face of the card.

5. The apparatus of any of claims 1-4, further comprising second private information disposed on a face of the card, wherein: the second private information is hidden by at least one layer disposed over a first printed layer comprising the tamper-evident device, and the second private information is disposed on a face of the card within a surface region corresponding to the first adhesive layer; the first private information is ciphertext, the second private information is an encryption key, and the encryption key is operable to decrypt the ciphertext to obtain private access information in plaintext form, the private access information operable to transfer a digital asset from one account to another account.

6. The apparatus of any of claims 1-4, further comprising second private information disposed on a face of the card, wherein: the second private information is hidden by a second means for indicating tampering, the second private information being provided in an area of the card not corresponding to any of the adhesive layers. The first private information is ciphertext, the second private information is an encryption key, and the encryption key is operable to decrypt the ciphertext to obtain private access information in plaintext form, the private access information operable to transfer a digital asset from one account to another account.

7. The device of claim 1, wherein the patch is a multi-component patch comprising: a first component, the first component comprising: the first adhesive layer; and the first printed layer further comprising a first common information portion on which an identifier is provided during printing of the first printed layer; and a second assembly comprising: the second adhesive layer; the second printed layer further comprising a second common information portion on which at least the identifier is provided during printing of the second printed layer; and a window portion positioned to correspond to the first common information portion of the first printing layer.

8. The apparatus of claim 7, wherein: the first component formed on a first substrate, the second component formed on a second substrate, and the second component aligned with the first component based on the window, the identifier disposed on the first printed layer being visible within a window portion of the second component.

9. The apparatus of claim 7, wherein: the first component is formed on a substrate by sequentially disposing the first layers on the substrate, and the second component is formed on the substrate by sequentially disposing the second layers on the substrate, encapsulating the first component.

10. The apparatus of any one of claims 7-9, wherein: a window cut to a depth corresponding to a thickness of the second component in an area corresponding to the first common information portion, the identifier disposed on the first printed layer being visible within the window portion of the second component.

11. The apparatus of any one of claims 7-9, wherein: the window corresponds to a transparent portion of the second component, the identifier disposed on the first printed layer is visible within the window portion of the second component, and the non-transparent portion of the second component corresponds to an area of the hidden information portion.

12. The apparatus of any one of claims 7-9, wherein: at least some of the private information disposed within the hidden information portion of the first printed layer is associated with at least some of the information disposed within the second public information portion of the second printed layer, and a match between the identifier disposed on the first printed layer and the identifier disposed on the second printed layer indicates a correspondence between the private information and at least some of the information disposed within the second public information portion, the identifier disposed on the first printed layer being accessible for visual inspection within the window portion without activating the tamper-resistant feature, and the identifier disposed on the second printed layer being accessible for visual inspection without activating the tamper-resistant feature.

13. The apparatus of any one of claims 7-9, wherein: the second adhesive layer includes the anti-tamper features that maintain a first pattern adhered to a substrate to which the second adhesive layer is securely adhered and a corresponding second pattern adhered to an adjacent layer above the second adhesive layer.

14. The apparatus of claim 13, wherein: the first and second patterns are revealed when an adjacent layer above the second adhesive layer is lifted from the substrate in one or more of the corresponding regions to which the second adhesive layer is adhered.

15. The apparatus of any one of claims 1 or 7, wherein: the object card is a metal card; the symmetric encryption key is arranged on the metal card; a removable mask is disposed on the metal card to hide at least a portion of the symmetric encryption key; and the private information includes ciphertext corresponding to a private key encrypted with the symmetric encryption key, the private key being a private key of a key pair having a public key corresponding to at least some of the public information of the second print layer.

1. An apparatus, comprising: a first substrate comprising: setting a cipher text, and not revealing private access information corresponding to the cipher text, wherein the cipher text can be decrypted through a passphrase to reveal the private access information in a plaintext form; and a second substrate comprising a set code, the set code indicating or being the passphrase; wherein: the first substrate is secured to the second substrate and at least one of the code or the ciphertext is concealed.

2. The apparatus of claim 1, further comprising: a physical card as the second substrate having a surface area of a first size corresponding to a face of the card, the physical card including a first unique identifier and the code; a tamper-resistant masking member secured to a face of the card and concealing the code; and a tamper-proof patch as the first substrate fixed to a face of the card, the tamper-proof patch including: a bottom component secured to a face of the card, the bottom component including a second unique identifier and a ciphertext of the private access information; and a tamper-resistant top assembly comprising: a first portion to hide a ciphertext of the private access information and to include public access information and a third unique identifier; a second portion surrounding the base assembly and secured to a face of the card; and a third portion within which a second unique identifier of the bottom component is visible while a ciphertext of the private access information is hidden, wherein a correspondence of values of the unique identifier indicates a correspondence between the ciphertext of the private access information and the public access information.

3. The apparatus of any of claims 1-2, wherein: the code can be used to verify the authenticity of the published pairing of the first substrate and the second substrate.

4. The apparatus of any of claims 1-2, wherein: the code is an encryption key that may be used to decrypt ciphertext of the private access information to obtain the private access information in plaintext form, and a first portion of the encryption key may be used as a passcode.

5. The apparatus of any of claims 1-2, wherein the code is concealed by a tamper-resistant mask comprising one or more of: a tamper-resistant feature that is activated within a corresponding portion of the mask when a user reveals a portion of the code; a scraping surface, wear of which reveals a corresponding portion of the concealed code; or a tamper-resistant adhesive, lifting a portion of a tamper-resistant mask having the tamper-resistant adhesive from the second substrate, thereby revealing a first pattern within the portion of the mask and a corresponding second pattern on the second substrate.

6. The apparatus of claim 2, wherein the correspondence of the values of the unique identifiers is a match of the same value across each of the unique identifiers.

7. The apparatus of any of claims 1-2, wherein: the first substrate is a component of a patch; the second substrate is a metal card; and the components of the patch are adhesively secured to the metal card.

8. A method, comprising: obtaining, by a computer system located at a first geographic location, a passphrase; generating, by the computer system located at a first geographic location, a midamble based on the passphrase, wherein: the intermediate code does not reveal the passphrase and is configured to encrypt plaintext to form ciphertext decryptable by the passphrase; obtaining, by a computer system at a second geographic location, the intermediate code and a private encryption key of a public-private encryption key pair, wherein: the second geographic location is different from the first geographic location, the passphrase is inaccessible to a computer system located at the second geographic location, and the public-private encryption key pair comprises a public encryption key corresponding to a wallet address of a decentralized computing platform; forming, by the computer system located at the second geographic location, an encrypted private key cryptogram by encrypting the private encryption key with the intermediate code; printing the encrypted private key ciphertext on a first substrate, wherein: the encrypted private key ciphertext does not reveal the private encryption key, and the encrypted private key ciphertext may be decrypted with the passphrase to reveal the private encryption key in plaintext form; printing the passphrase on a second substrate at a different geographic location than printing the encrypted private key ciphertext on the first substrate; concealing the passphrase printed on the second substrate or the encrypted private key cryptogram printed on the first substrate with a tamper-resistant mask; obtaining the first substrate and the second substrate at the same geographic location after concealing with a tamper-resistant mask a passphrase printed on the second substrate or an encrypted private key ciphertext printed on the first substrate; and attaching the first substrate to the second substrate.

9. The method of claim 8, wherein: the first substrate or the second substrate is a metal card, and the encrypted private key ciphertext or the passphrase is printed on the metal card by engraving.

10. The method of claim 8, wherein: without tampering with the tamper-resistant mask, the encrypted private key ciphertext is inaccessible to a person and a computer system having access to the passphrase; or the passphrase is inaccessible to a person or computer system having access to the encrypted private key ciphertext without tampering with the tamper-resistant masker.

11. The method of claim 8, wherein: the first geographic location is in a first country; the second geographic location is in a second country different from the first country; printing the encrypted private key cryptogram does not occur in the first country; and printing the passphrase on the second substrate does not occur in the second country.

12. The method of any one of claims 8-11, wherein: the first substrate with the encrypted private key cryptogram and the second substrate with the passphrase are not in the same country prior to concealing the passphrase printed on the second substrate or the encrypted private key cryptogram printed on the first substrate with a tamper-resistant mask.

13. The method of any one of claims 8-11, wherein: the first substrate is a card; the second substrate is a patch; and the tamper-evident masking includes means for indicating tampering.

14. The method of any one of claims 8-11, wherein: the first substrate is a patch; the second substrate is a card; and the tamper-evident masking includes means for indicating tampering.

15. The method of any one of claims 8-11, wherein: generating the intermediate code includes generating a proxy re-encryption code, and the encrypted private key ciphertext cannot be decrypted with the intermediate code to reveal the private key in plaintext form.

1. a tangible, non-transitory, machine-readable medium storing instructions that, when executed by one or more processors, perform operations to facilitate multi-address access from a single address of a physical currency card, the operations comprising: deterministically generating, by the computer system, a public encryption key based on information corresponding to a private encryption key, the public encryption key and the private encryption key being members of an asymmetric cryptographic key pair (encryption cryptographic key pair); deterministically generating, by the computer system, a set of addresses based on a common cryptographic key, each of at least a plurality of addresses in the set of addresses corresponding to a different user account of a different decentralized computing platform; selecting, by the computer system, a master address from the set of addresses to be depicted on a physical card, the physical card further depicting information from which the private encryption key is accessible; deterministically generating, by the computer system, a record identifier that corresponds to the physical card and is based on information resident on the physical card other than the private key or the public key; storing, by the computer system, within a database, a record associated with the record identifier, the record including the set of addresses or information from which the set of addresses can be derived; receiving, by the computer system, a request for an additional address from a user computing device, the request uniquely identifying the record identifier; and sending, by the computer system, a response to the user device including one or more addresses of a set of addresses different from the primary address.

2. The media of claim 1, wherein the user computing device executes a native application configured to: scanning a main address arranged on the physical card; generating a request without obtaining a private encryption key corresponding to the physical card or generating a request without obtaining a public encryption key corresponding to the physical card; in response to receiving the response, associating one or more addresses of a set of addresses different from the master address with a wallet account corresponding to the physical card; receiving a selection of a representation of a given scanned physical card; and generating a user interface that displays a balance of the respective addresses associated with the given scanned physical card.

3. The media of any of claims 1-2, wherein the native application is further configured to: generating a user interface that displays representations of the physical card and one or more other scanned physical cards; and determining a balance associated with each scanned physical card among the plurality of addresses received for the respective scanned physical card.

4. The medium of any of claims 1-2, further comprising one or more of: generating a public encryption key based on information corresponding to the private encryption key comprises generating a public encryption key without accessing the private encryption key; and generating the public encryption key based on the intermediate code and a ciphertext corresponding to the private encryption key.

5. The media of any of claims 1-2, wherein the operations further comprise: obtaining a record associated with the record identifier from the database; in response to obtaining the record, updating a request count associated with the record; and sending an indication of a request count in the response to the user computing device, wherein obtaining the record comprises: based on the record identifier, requesting a corresponding record from the database includes requesting a record within a data store of a decentralized computing platform.

6. The media of any of claims 1-2, wherein the operations further comprise: obtaining a record associated with the record identifier from the database; in response to obtaining the record, updating a request count associated with the record; and sending an indication of the request count in the response to the user computing device, and wherein: the record identification is based on a verification code provided on the physical card and a unique identifier provided on the physical card, and updating a request count associated with the record includes one or more of: initializing or incrementing the request count and causing a decentralized computing platform corresponding to the primary address to store an indication of the request count associated with the primary address.

7. The media of any of claims 1-2, wherein the operations further comprise: the private encryption key is determined by generating a value having an entropy exceeding 128 bits.

8. The medium of any one of claims 1-2, wherein: the record comprising information from which the set of addresses can be derived; and the operations further comprise: in response to a request for an additional address, at least one address is derived in the set based on at least some of the information from which the set of addresses may be derived.

9. The media of any of claims 1-2, wherein the operations further comprise: a step for deriving a plurality of addresses from a single value.

10. The media of any of claims 1-2, wherein the operations comprise: forming a first address in the set of addresses based on a Keccak-256 hash, the Keccak-256 hash based on the public encryption key; forming a second address based on a ripemm-160 hash of a SHA-256 hash in the set of addresses, the SHA-256 hash being based on the public encryption key, the second address also being based on a checksum, the checksum being based on the ripemm-160 hash, and the second address having Base58 encoding based on a first dictionary; and forming a third address having a Base58 encoding and checksum in the set of addresses, the Base58 encoding and checksum both based on the common encryption key, the Base58 encoding of the third address based on a second dictionary different from the first dictionary.

11. The media of claim 1, wherein the operations comprise: authenticating the physical currency card in response to a request for an additional address or in response to a request to authenticate the physical currency card, the authenticating comprising: requesting a corresponding record from the database based on the record identifier; in response to obtaining the record, updating a request count associated with the record; and sending an indication of the request count in response to the authentication request.

12. The media of claim 11, wherein updating the request count associated with the record comprises one or more of: initializing or incrementing the request count; alternatively, updating the request count associated with the record comprises: storing an indication of a request count associated with the public access information within a decentralized computing platform associated with the public access information.

13. The medium of claim 11, wherein: requesting a corresponding record from the database based on the record identifier includes: a record within an immutable data store of the decentralized computing platform is requested.

14. The medium of claim 11, wherein: the indication of the request count indicates whether the validation request is a first request or a subsequent request received in association with the artifact.

15. A system implementing the media of any of claims 1-14, the system comprising: one or more processors configured to implement operations to facilitate multiple address access from a single address of a physical currency card.

Claims

1. An apparatus, comprising:

a physical card having a surface area of a first size corresponding to a face of the card;

a patch comprising a plurality of layers, the plurality of layers comprising:

a first adhesive layer having a surface area of a second size smaller than the first size, the first adhesive layer adhering to a corresponding area on a face of the card;

a first printed layer having a surface area similar to the second size, the first printed layer disposed over the first adhesive layer and including a hidden information portion provided with at least some private information;

a second adhesive layer having a surface area of a third size smaller than the first size and larger than the second size, wherein the second adhesive layer is disposed over the first printed layer, covers the hidden information portion of the first printed layer, extends beyond the first printed layer on at least three sides, and adheres to a corresponding surface area on a face of the card; and

A second printed layer having a surface area similar to the third size, wherein the second printed layer is disposed above the second adhesive layer and includes a public information portion that is not disposed with at least some public information;

wherein at least one of the layers disposed above the first printed layer, among the plurality of layers, comprises means for indicating tampering.

2. The apparatus of claim 1, wherein:

on the face of the card, a color chip is provided in at least the corresponding area to which the second adhesive layer is adhered.

3. The apparatus of claim 1, wherein:

the second adhesive layer includes the means for indicating tampering, the means for indicating tampering including: a first pattern associated with at least a portion of the surface area to which the second adhesive layer is adhered; and a corresponding second pattern associated with an adjacent layer above the second adhesion layer.

4. The apparatus of claim 3, comprising one or more of:

the second adhesive layer is configured to: setting the first pattern and setting the second pattern in response to lifting the adjacent layer away from the face of the card in one or more portions of the surface area to which the second layer of adhesive is adhered;

The first pattern configured to be visible on a face of the card in response to lifting the adjacent layer away from the face of the card; and

a corresponding second pattern configured to: each layer above the second adhesive layer is visible in at least some areas of the patch in response to lifting the adjacent layer away from the face of the card.

5. The apparatus of any of claims 1-4, further comprising second private information disposed on a face of the card, wherein:

the second private information is hidden by at least one layer disposed above the first printed layer including the tamper-evident device, and the second private information is disposed on a face of the card in a surface region corresponding to the first adhesive layer;

the first private information is a cipher text,

the second private information is an encryption key, an

The encryption key can be used to decrypt the ciphertext to obtain private access information in plaintext form that can be used to transfer a digital asset from one account to another.

6. The apparatus of any of claims 1-4, further comprising second private information disposed on a face of the card, wherein:

The second private information being hidden by a second means for indicating tampering, the second private information being disposed within an area of the card not corresponding to any adhesive layer;

the first private information is a cipher text,

the second private information is an encryption key, an

7. The device of claim 1, wherein the patch is a multi-component patch comprising:

a first component, the first component comprising:

the first adhesive layer; and

the first print layer further comprising a first common information portion on which an identifier is set during printing of the first print layer; and

a second assembly, the second assembly comprising:

the second adhesive layer;

the second printed layer further comprising a second common information portion on which at least the identifier is set during printing of the second printed layer; and

A window portion positioned to correspond to the first common information portion of the first printing layer.

8. The apparatus of claim 7, wherein:

the first component is formed on a first substrate,

the second component is formed on a second substrate, an

The second component is aligned with the first component based on the window, the identifier disposed on the first printed layer being visible within the window portion of the second component.

9. The apparatus of claim 7, wherein:

forming the first component on a substrate by sequentially disposing a first layer on the substrate, an

Forming the second component on the substrate by sequentially disposing a second layer on the substrate, thereby encapsulating the first component.

10. The apparatus of any one of claims 7 to 9, wherein:

the window is cut to a depth corresponding to the thickness of the second component in an area corresponding to the first common information portion, the identifier provided on the first printed layer being visible within the window portion of the second component.

11. The apparatus of any one of claims 7 to 9, wherein:

The window corresponds to a transparent portion of the second component, the identifier disposed on the first printed layer is visible within the window portion of the second component, an

The non-transparent portion of the second component corresponds to an area of the hidden information portion.

12. The apparatus of any one of claims 7 to 9, wherein:

at least some of the private information disposed within the hidden information portion of the first printed layer is associated with at least some of the information disposed within the second public information portion of the second printed layer, an

A match between the identifier provided on the first printed layer and the identifier provided on the second printed layer indicates a correspondence of the private information to at least some of the information provided within the second public information portion; enabling visual inspection of an identifier disposed on the first printed layer within the window portion without activating the anti-tampering feature; and enabling visual inspection of the identifier disposed on the second printed layer without activating the tamper-resistant feature.

13. The apparatus of any one of claims 7 to 9, wherein:

The second adhesive layer includes the anti-tamper feature that keeps a first pattern adhered to a substrate to which the second adhesive layer is securely adhered and a corresponding second pattern adhered to an adjacent layer above the second adhesive layer.

14. The apparatus of claim 13, wherein:

in one or more of the corresponding regions where the second adhesive layer adheres to the substrate, the first and second patterns are revealed when an adjacent layer above the second adhesive layer is lifted off the substrate.

15. The apparatus of any one of claims 1 or 7, wherein:

the object card is a metal card;

the symmetric encryption key is arranged on the metal card;

a removable mask is disposed on the metal card to hide at least a portion of the symmetric encryption key; and is

The private information includes ciphertext corresponding to a private key encrypted with the symmetric encryption key, the private key belonging to a key pair having a public key corresponding to at least some of the public information of the second print layer.